From 3c2bbb0d5a93b510282b532b3e8704c3fa3c856f Mon Sep 17 00:00:00 2001
From: Chuan-Zheng Lee
Date: Sat, 20 Jun 2020 16:40:32 -0700
Subject: [PATCH 1/2] Specify X-Frame-Options explicitly in both views
---
 django_summernote/views.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/django_summernote/views.py b/django_summernote/views.py
index 2cf17239..91f605a4 100644
--- a/django_summernote/views.py
+++ b/django_summernote/views.py
@@ -9,6 +9,8 @@ else:
 from django.utils.translation import ugettext as _
 from django.views.generic import TemplateView
+from django.utils.decorators import method_decorator
+from django.views.decorators.clickjacking import xframe_options_sameorigin
 from django_summernote.forms import UploadForm
 from django_summernote.utils import get_attachment_model, using_config, \
@@ -44,6 +46,10 @@ def __init__(self):
 + static_default_js \
 + config['js']
+ @method_decorator(xframe_options_sameorigin)
+ def dispatch(self, *args, **kwargs):
+ return super(SummernoteEditor, self).dispatch(*args, **kwargs)
+
 @using_config
 def get_context_data(self, **kwargs):
 context = super(SummernoteEditor, self).get_context_data(**kwargs)
@@ -65,6 +71,10 @@ def test_func(self):
 def __init__(self):
 super(SummernoteUploadAttachment, self).__init__()
+ @method_decorator(xframe_options_sameorigin)
+ def dispatch(self, *args, **kwargs):
+ return super(SummernoteUploadAttachment, self).dispatch(*args, **kwargs)
+
 def get(self, request, *args, **kwargs):
 return JsonResponse({
 'status': 'false',
From 901a4d2644eb0297b90cd41d1c97fab8902fed95 Mon Sep 17 00:00:00 2001
From: Chuan-Zheng Lee
Date: Sat, 20 Jun 2020 16:42:11 -0700
Subject: [PATCH 2/2] Remove note about X-Frame-Options in Django 3.0
The views now override the middleware using the xframeoptions_sameorigin decorator, as in 3c2bbb0d5a93b510282b532b3e8704c3fa3c856f.
---
 README.md | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 40532843..5733f829 100644
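Review bot: Both new `dispatch` overrides (the one in `SummernoteEditor` at @@ -44 and the one in `SummernoteUploadAttachment` at @@ -65) exist only to carry the decorator; `@method_decorator(xframe_options_sameorigin, name='dispatch')` applied to each class wraps the inherited `dispatch` directly and removes the two pass-through methods. Whichever form is kept, the reason for pinning the header per view should be recorded in the code, because the second patch removes the README note that explained it; a comment such as `# SummernoteWidget renders this view inside a same-origin <iframe>; Django 3.0's default X_FRAME_OPTIONS of DENY would block it, so pin SAMEORIGIN here.` above each decorator would do. It is also worth noting in that comment that `xframe_options_sameorigin` only sets `X-Frame-Options` and does not touch a `Content-Security-Policy: frame-ancestors` directive, so a deployment that sets one still has to allow its own origin there for the editor to load. Both enclosing classes begin outside their hunks.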
--- a/README.md
+++ b/README.md
@@ -56,12 +56,7 @@ SETUP
 - Please, read the [official v3.0 documentation](https://docs.djangoproject.com/en/3.0/topics/files/) for more details on file uploads.
-5. If you're using Django 3.x with default SummernoteWidget, then
-
- - Do not forget to set `X_FRAME_OPTIONS = 'SAMEORIGIN'` in your django settings.
- - [Clickjacking Protection](https://docs.djangoproject.com/en/3.0/ref/clickjacking/)
-
-6. Run database migration for preparing attachment model.
+5. Run database migration for preparing attachment model.
 python manage.py migrate
@@ -194,7 +189,7 @@ SUMMERNOTE_CONFIG = {
 # Use proper language setting automatically (default)
 'lang': None,
-
+
 # Toolbar customization
 # https://summernote.org/deep-dive/#custom-toolbar-popover
 'toolbar': [