Merge branch 'xframe-options' of https://github.com/czlee/django-summ…

…ernote into czlee-xframe-options
lqez · Jan 12, 2021 · 3932cbf · 3932cbf
2 parents b4577c4 + 901a4d2
commit 3932cbf
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -56,12 +56,7 @@ SETUP
 
      - Please, read the [official v3.0 documentation](https://docs.djangoproject.com/en/3.0/topics/files/) for more details on file uploads.
 
-5. If you're using Django 3.x with default SummernoteWidget, then
-
-     - Do not forget to set `X_FRAME_OPTIONS = 'SAMEORIGIN'` in your django settings.
-     - [Clickjacking Protection](https://docs.djangoproject.com/en/3.0/ref/clickjacking/)
-
-6. Run database migration for preparing attachment model.
+5. Run database migration for preparing attachment model.
 
        python manage.py migrate
 
@@ -194,7 +189,7 @@ SUMMERNOTE_CONFIG = {
 
         # Use proper language setting automatically (default)
         'lang': None,
-        
+
         # Toolbar customization
         # https://summernote.org/deep-dive/#custom-toolbar-popover
         'toolbar': [

diff --git a/django_summernote/views.py b/django_summernote/views.py
@@ -6,6 +6,8 @@
 from django.template.loader import render_to_string
 from django.utils.translation import gettext as _
 from django.views.generic import TemplateView, View
+from django.utils.decorators import method_decorator
+from django.views.decorators.clickjacking import xframe_options_sameorigin
 
 from django_summernote.forms import UploadForm
 from django_summernote.utils import get_attachment_model, using_config, \
@@ -35,6 +37,10 @@ def __init__(self):
             + static_default_js \
             + config['js']
 
+    @method_decorator(xframe_options_sameorigin)
+    def dispatch(self, *args, **kwargs):
+        return super(SummernoteEditor, self).dispatch(*args, **kwargs)
+
     @using_config
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
@@ -56,6 +62,10 @@ def test_func(self):
     def __init__(self):
         super().__init__()
 
+    @method_decorator(xframe_options_sameorigin)
+    def dispatch(self, *args, **kwargs):
+        return super(SummernoteUploadAttachment, self).dispatch(*args, **kwargs)
+
     def get(self, request, *args, **kwargs):
         return JsonResponse({
             'status': 'false',