From 72a512383177c28a7daa7f8ba6c47afbd3aa3ef2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Tue, 3 May 2022 19:58:27 +0200
Subject: [PATCH] dataviz: set x-frame-options to sameorigin for embedded graphs (#64826)
---
 combo/apps/dataviz/views.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/combo/apps/dataviz/views.py b/combo/apps/dataviz/views.py
index 0d53ef23..6bdfc2af 100644
--- a/combo/apps/dataviz/views.py
+++ b/combo/apps/dataviz/views.py
@@ -20,6 +20,7 @@ from django.http import Http404, HttpResponse, HttpResponseBadRequest
 from django.shortcuts import render
 from django.template import TemplateSyntaxError, VariableDoesNotExist
 from django.utils.translation import ugettext_lazy as _
+from django.views.decorators.clickjacking import xframe_options_sameorigin
 from django.views.generic import DetailView
 from requests.exceptions import HTTPError
@@ -107,4 +108,4 @@ class DatavizGraphView(DetailView):
 return render(self.request, 'combo/dataviz-error.svg', context=context, content_type='image/svg+xml')
-dataviz_graph = DatavizGraphView.as_view()
+dataviz_graph = xframe_options_sameorigin(DatavizGraphView.as_view())
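Review bot: The new `dataviz_graph = xframe_options_sameorigin(DatavizGraphView.as_view())` line in the second hunk relaxes the framing policy for every response the view returns, including the `combo/dataviz-error.svg` error render visible above it, yet nothing records why this one view is exempt or checks that it stays that way. I would add a comment above the assignment, e.g. `# graphs are embedded in same-site pages: allow same-origin framing for this view only, the rest of the site keeps the project-wide X-Frame-Options policy`, and a regression test asserting `resp['X-Frame-Options'] == 'SAMEORIGIN'` on a graph response. Django's decorator only sets the header when the response does not already carry one, and browsers ignore X-Frame-Options when a CSP `frame-ancestors` directive is present, so if the deployment sends such a CSP (not visible here) the embed policy needs to be stated there as well. The body of `DatavizGraphView` starts outside the hunk, so whether other response paths set their own header cannot be confirmed from this diff.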