Sophie

Sophie

distrib > Fedora > 20 > i386 > by-pkgid > 422242acff54b9373d7d4b7f73232ce1 > files > 79

python3-django-doc-1.6.7-1.fc20.noarch.rpm


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>django.middleware.clickjacking &mdash; Django 1.6.7 documentation</title>
    
    <link rel="stylesheet" href="../../../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
    
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '../../../',
        VERSION:     '1.6.7',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="../../../_static/jquery.js"></script>
    <script type="text/javascript" src="../../../_static/underscore.js"></script>
    <script type="text/javascript" src="../../../_static/doctools.js"></script>
    <link rel="top" title="Django 1.6.7 documentation" href="../../../index.html" />
    <link rel="up" title="Module code" href="../../index.html" />



 
<script type="text/javascript" src="../../../templatebuiltins.js"></script>
<script type="text/javascript">
(function($) {
    if (!django_template_builtins) {
       // templatebuiltins.js missing, do nothing.
       return;
    }
    $(document).ready(function() {
        // Hyperlink Django template tags and filters
        var base = "../../../ref/templates/builtins.html";
        if (base == "#") {
            // Special case for builtins.html itself
            base = "";
        }
        // Tags are keywords, class '.k'
        $("div.highlight\\-html\\+django span.k").each(function(i, elem) {
             var tagname = $(elem).text();
             if ($.inArray(tagname, django_template_builtins.ttags) != -1) {
                 var fragment = tagname.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>");
             }
        });
        // Filters are functions, class '.nf'
        $("div.highlight\\-html\\+django span.nf").each(function(i, elem) {
             var filtername = $(elem).text();
             if ($.inArray(filtername, django_template_builtins.tfilters) != -1) {
                 var fragment = filtername.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>");
             }
        });
    });
})(jQuery);
</script>


  </head>
  <body>

    <div class="document">
  <div id="custom-doc" class="yui-t6">
    <div id="hd">
      <h1><a href="../../../index.html">Django 1.6.7 documentation</a></h1>
      <div id="global-nav">
        <a title="Home page" href="../../../index.html">Home</a>  |
        <a title="Table of contents" href="../../../contents.html">Table of contents</a>  |
        <a title="Global index" href="../../../genindex.html">Index</a>  |
        <a title="Module index" href="../../../py-modindex.html">Modules</a>
      </div>
      <div class="nav">
    <a href="../../index.html" title="Module code" accesskey="U">up</a></div>
    </div>
    
    <div id="bd">
      <div id="yui-main">
        <div class="yui-b">
          <div class="yui-g" id="_modules-django-middleware-clickjacking">
            
  <h1>Source code for django.middleware.clickjacking</h1><div class="highlight"><pre>
<span class="sd">&quot;&quot;&quot;</span>
<span class="sd">Clickjacking Protection Middleware.</span>

<span class="sd">This module provides a middleware that implements protection against a</span>
<span class="sd">malicious site loading resources from your site in a hidden frame.</span>
<span class="sd">&quot;&quot;&quot;</span>

<span class="kn">from</span> <span class="nn">django.conf</span> <span class="kn">import</span> <span class="n">settings</span>

<div class="viewcode-block" id="XFrameOptionsMiddleware"><a class="viewcode-back" href="../../../ref/middleware.html#django.middleware.clickjacking.XFrameOptionsMiddleware">[docs]</a><span class="k">class</span> <span class="nc">XFrameOptionsMiddleware</span><span class="p">(</span><span class="nb">object</span><span class="p">):</span>
    <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">    Middleware that sets the X-Frame-Options HTTP header in HTTP responses.</span>

<span class="sd">    Does not set the header if it&#39;s already set or if the response contains</span>
<span class="sd">    a xframe_options_exempt value set to True.</span>

<span class="sd">    By default, sets the X-Frame-Options header to &#39;SAMEORIGIN&#39;, meaning the</span>
<span class="sd">    response can only be loaded on a frame within the same site. To prevent the</span>
<span class="sd">    response from being loaded in a frame in any site, set X_FRAME_OPTIONS in</span>
<span class="sd">    your project&#39;s Django settings to &#39;DENY&#39;.</span>

<span class="sd">    Note: older browsers will quietly ignore this header, thus other</span>
<span class="sd">    clickjacking protection techniques should be used if protection in those</span>
<span class="sd">    browsers is required.</span>

<span class="sd">    http://en.wikipedia.org/wiki/Clickjacking#Server_and_client</span>
<span class="sd">    &quot;&quot;&quot;</span>
    <span class="k">def</span> <span class="nf">process_response</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">response</span><span class="p">):</span>
        <span class="c"># Don&#39;t set it if it&#39;s already in the response</span>
        <span class="k">if</span> <span class="n">response</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s">&#39;X-Frame-Options&#39;</span><span class="p">,</span> <span class="bp">None</span><span class="p">)</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span>
            <span class="k">return</span> <span class="n">response</span>

        <span class="c"># Don&#39;t set it if they used @xframe_options_exempt</span>
        <span class="k">if</span> <span class="nb">getattr</span><span class="p">(</span><span class="n">response</span><span class="p">,</span> <span class="s">&#39;xframe_options_exempt&#39;</span><span class="p">,</span> <span class="bp">False</span><span class="p">):</span>
            <span class="k">return</span> <span class="n">response</span>

        <span class="n">response</span><span class="p">[</span><span class="s">&#39;X-Frame-Options&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">get_xframe_options_value</span><span class="p">(</span><span class="n">request</span><span class="p">,</span>
                                                                    <span class="n">response</span><span class="p">)</span>
        <span class="k">return</span> <span class="n">response</span>

    <span class="k">def</span> <span class="nf">get_xframe_options_value</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">response</span><span class="p">):</span>
        <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">        Gets the value to set for the X_FRAME_OPTIONS header.</span>

<span class="sd">        By default this uses the value from the X_FRAME_OPTIONS Django</span>
<span class="sd">        settings. If not found in settings, defaults to &#39;SAMEORIGIN&#39;.</span>

<span class="sd">        This method can be overridden if needed, allowing it to vary based on</span>
<span class="sd">        the request or response.</span>
<span class="sd">        &quot;&quot;&quot;</span>
        <span class="k">return</span> <span class="nb">getattr</span><span class="p">(</span><span class="n">settings</span><span class="p">,</span> <span class="s">&#39;X_FRAME_OPTIONS&#39;</span><span class="p">,</span> <span class="s">&#39;SAMEORIGIN&#39;</span><span class="p">)</span><span class="o">.</span><span class="n">upper</span><span class="p">()</span></div>
</pre></div>

          </div>         
        </div>
      </div>
      
        
          <div class="yui-b" id="sidebar">
            
      <div class="sphinxsidebar">
        <div class="sphinxsidebarwrapper">
  <h3>Browse</h3>
  <ul>
    
    
  </ul>
  <h3>You are here:</h3>
  <ul>
      <li>
        <a href="../../../index.html">Django 1.6.7 documentation</a>
        
          <ul><li><a href="../../index.html">Module code</a>
        
        <ul><li>django.middleware.clickjacking</li></ul>
        </li></ul>
      </li>
  </ul>  

<div id="searchbox" style="display: none">
  <h3>Quick search</h3>
    <form class="search" action="../../../search.html" method="get">
      <input type="text" name="q" />
      <input type="submit" value="Go" />
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
    <p class="searchtip" style="font-size: 90%">
    Enter search terms or a module, class or function name.
    </p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
              <h3>Last update:</h3>
              <p class="topless">Sep 26, 2014</p>
          </div> 
        
      
    </div>
    
    <div id="ft">
      <div class="nav">
    <a href="../../index.html" title="Module code" accesskey="U">up</a></div>
    </div>
  </div>

      <div class="clearer"></div>
    </div>
  </body>
</html>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional