Set xframe_options_sameorigin policy on filebrowser views.
vdboor committed Jul 9, 2014
1 parent e8acd28 commit 55cb9b2
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion filebrowser/sites.py
Expand Up @@ -20,6 +20,7 @@
from django.core.paginator import Paginator, InvalidPage, EmptyPage
from django.utils.encoding import smart_text
from django.contrib import messages
from django.views.decorators.clickjacking import xframe_options_sameorigin
from django.views.decorators.csrf import csrf_exempt
from django.core.files.storage import DefaultStorage, default_storage, FileSystemStorage

Expand Down Expand Up @@ -172,7 +173,7 @@ def handle_file_upload(path, file, site):

def filebrowser_view(view):
"Only let staff browse the files"
return staff_member_required(never_cache(view))
return staff_member_required(never_cache(xframe_options_sameorigin(view)))


class FileBrowserSite(object):
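Review bot: Applying `xframe_options_sameorigin` inside `filebrowser_view` relaxes framing for every view that goes through this wrapper, not only the pages that need to be embedded. On a project that runs `XFrameOptionsMiddleware` with `X_FRAME_OPTIONS = 'DENY'`, the header set by the decorator is kept and the middleware no longer applies DENY, so any state-changing filebrowser views (presumably upload and delete, given `handle_file_upload` just above) become frameable by same-origin pages. Because this app manages uploaded files, it is worth confirming that media is not served from the admin's origin, or applying the decorator only to the views that are actually opened in a frame. The docstring should also record the choice, e.g. `"Restrict to staff, disable caching, and allow framing by same-origin pages only (overrides a site-wide DENY)."`. The header is set only on responses the wrapped view returns; responses produced by `staff_member_required` itself still follow the project's middleware settings.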
