Specify X-Frame-Options explicitly in both views

czlee · Jun 20, 2020 · 3c2bbb0 · 3c2bbb0
1 parent 2fde2a2
commit 3c2bbb0
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/django_summernote/views.py b/django_summernote/views.py
@@ -9,6 +9,8 @@
 else:
     from django.utils.translation import ugettext as _
 from django.views.generic import TemplateView
+from django.utils.decorators import method_decorator
+from django.views.decorators.clickjacking import xframe_options_sameorigin
 
 from django_summernote.forms import UploadForm
 from django_summernote.utils import get_attachment_model, using_config, \
@@ -44,6 +46,10 @@ def __init__(self):
             + static_default_js \
             + config['js']
 
+    @method_decorator(xframe_options_sameorigin)
+    def dispatch(self, *args, **kwargs):
+        return super(SummernoteEditor, self).dispatch(*args, **kwargs)
+
     @using_config
     def get_context_data(self, **kwargs):
         context = super(SummernoteEditor, self).get_context_data(**kwargs)
@@ -65,6 +71,10 @@ def test_func(self):
     def __init__(self):
         super(SummernoteUploadAttachment, self).__init__()
 
+    @method_decorator(xframe_options_sameorigin)
+    def dispatch(self, *args, **kwargs):
+        return super(SummernoteUploadAttachment, self).dispatch(*args, **kwargs)
+
     def get(self, request, *args, **kwargs):
         return JsonResponse({
             'status': 'false',