I have a website that I created in Django 1.8, which should load in iframe Box.com. However, it does not load in Chrome, and I get a SAMEORIGIN error with x-frame-options parameters.
But I added the following middleware classes:
MIDDLEWARE_CLASSES = ( # Default Django middleware. 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.locale.LocaleMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', )
and in my view.py, the xframe_options_exempt decoder was added, for example:
@api_view(['GET']) @xframe_options_exempt def category_list(request): """ List all categories. """ if request.method == 'GET': categories = Category.objects.order_by('-category_type') serializer = CategorySerializer(categories, many=True) return Response(serializer.data)
Plus, I tried adding the following setting with no luck:
X_FRAME_OPTIONS = 'ALLOW-FROM https://app.box.com/'
Can someone help me find out why this still doesn't allow the page to load? I also need to add a decorator function to urls.py, how is it?
from django.views.decorators.clickjacking import xframe_options_exempt urlpatterns = patterns('base.views', url(r'^categories$', xframe_options_exempt(category_list)), )
Thanks so much for any help.