dataviz: set x-frame-options to sameorigin for embedded graphs (#64826)

2022-05-03 19:58:27 +02:00 · 2022-05-03 19:58:27 +02:00 · 72a5123831
parent b29a6140be
commit 72a5123831
1 changed files with 2 additions and 1 deletions
--- a/combo/apps/dataviz/views.py
+++ b/combo/apps/dataviz/views.py
@ -20,6 +20,7 @@ from django.http import Http404, HttpResponse, HttpResponseBadRequest
 from django.shortcuts import render
 from django.template import TemplateSyntaxError, VariableDoesNotExist
 from django.utils.translation import ugettext_lazy as _
+from django.views.decorators.clickjacking import xframe_options_sameorigin
 from django.views.generic import DetailView
 from requests.exceptions import HTTPError

@ -107,4 +108,4 @@ class DatavizGraphView(DetailView):
        return render(self.request, 'combo/dataviz-error.svg', context=context, content_type='image/svg+xml')


-dataviz_graph = DatavizGraphView.as_view()
+dataviz_graph = xframe_options_sameorigin(DatavizGraphView.as_view())