Set X-Frame-Options setting on a per-view basis #405
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello, I was wondering what you would think of setting X-Frame-Options on a per-view basis, rather than having users specify
X_FRAME_OPTIONS
for the entire site in the settings file? This would allow the site still to run with the defaultX-Frame-Options: DENY
for general security, while letting the Summernote frames through.I notice this has been suggested by @mimi89999 in #381 (comment), but I wasn't sure what the outcome of that was.
In our project we only use the text editors (we don't use file attachments), so I might not have caught every relevant spot—let me know if I missed something.
Thanks for your work on this package, it's been a godsend for us!