0001-mics-apply-xframe_options_deny-to-views-44435.patch

Benjamin Dauvergne, 25 juin 2020 12:13

Voir les différences: en ligne côte à côte

Subject: [PATCH] mics: apply xframe_options_deny to views (#44435)

IdP and auth views are exempted.

 src/authentic2/urls.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

     from django.contrib.staticfiles.views import serve
     from django.views.generic.base import TemplateView
     from django.views.static import serve as media_serve
     from django.views.decorators.clickjacking import xframe_options_deny
     from . import plugins, views
     from . import plugins, views, decorators
     admin.autodiscover()
-...
             url(r'^__debug__/', include(debug_toolbar.urls)),
         ] + urlpatterns
     # prevent click-jacking on authentic views
     urlpatterns = decorators.required(xframe_options_deny, urlpatterns)
     urlpatterns = plugins.register_plugins_urls(urlpatterns)
+    -

Produits Entr'ouvert » Authentic 2