Esempio n. 1
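def render_article(request, article, current_language, slug):
    """
    Render an article and apply its X-Frame-Options (clickjacking) policy.

    The article is rendered with ``article.template`` and ``set_page_cache``
    is registered as a post-render callback. The framing policy is read from
    ``article.tree.get_xframe_options()``:

    * inherit / ``None``: the response is left untouched so Django's own
      clickjacking handling decides.
    * allow: the response is marked exempt and no header is sent.
    * same-origin / deny: the response is marked exempt and the matching
      ``X-Frame-Options`` header is set here.
    * any other value: treated like inherit. The response is NOT marked
      exempt, so an unexpected setting cannot silently strip framing
      protection from the article.

    ``slug`` is accepted for signature compatibility and is not used here.
    """
    context = {
        'article': article,
        'lang': current_language,
        'current_article': article,
        'has_change_permissions': article.has_change_permission(request),
    }
    # NOTE(review): no view-permission check is visible in this function;
    # presumably the caller enforces it - confirm.

    response = TemplateResponse(request, article.template, context)
    response.add_post_render_callback(set_page_cache)

    # Add headers for X Frame Options - this really should be changed upon
    # moving to class based views.
    xframe_options = article.tree.get_xframe_options()
    # xframe_options can be None if there's no xframe information on the page
    # (eg. a top-level page which has xframe options set to "inherit")
    if xframe_options is None or xframe_options == Page.X_FRAME_OPTIONS_INHERIT:
        # Defer to Django's own clickjacking handling.
        return response

    # ``xframe_options_exempt`` stops Django's middleware from adding its own
    # header. It is only set once the value is a policy we recognise, so the
    # exemption is never granted without a deliberate decision.
    if xframe_options == Page.X_FRAME_OPTIONS_ALLOW:
        # Framing is allowed: exempt the response and send no header.
        response.xframe_options_exempt = True
    elif xframe_options == Page.X_FRAME_OPTIONS_SAMEORIGIN:
        response.xframe_options_exempt = True
        response['X-Frame-Options'] = 'SAMEORIGIN'
    elif xframe_options == Page.X_FRAME_OPTIONS_DENY:
        response.xframe_options_exempt = True
        response['X-Frame-Options'] = 'DENY'
    # Unrecognised value: fall through without the exemption so the
    # site-wide default still applies.
    return response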
Esempio n. 2
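def render_page(request, page, current_language, slug):
    """
    Render a page and apply its X-Frame-Options (clickjacking) policy.

    The template is resolved with ``get_template_from_request``. If the
    requesting user may not view the page, the result of
    ``_handle_no_page(request, slug)`` is returned instead of the page.
    Otherwise the page is rendered and ``set_page_cache`` is registered as a
    post-render callback. The framing policy is read from
    ``page.get_xframe_options()``:

    * inherit / ``None``: the response is left untouched so Django's own
      clickjacking handling decides.
    * allow: the response is marked exempt and no header is sent.
    * same-origin / deny: the response is marked exempt and the matching
      ``X-Frame-Options`` header is set here.
    * any other value: treated like inherit. The response is NOT marked
      exempt, so an unexpected setting cannot silently strip framing
      protection from the page.
    """
    template_name = get_template_from_request(request, page, no_current_page=True)
    # fill the context
    context = {
        "lang": current_language,
        "current_page": page,
        "has_change_permissions": user_can_change_page(request.user, page),
        "has_view_permissions": user_can_view_page(request.user, page),
    }

    # Authorisation gate: nothing is rendered for a user without view rights.
    if not context["has_view_permissions"]:
        return _handle_no_page(request, slug)

    response = TemplateResponse(request, template_name, context)
    response.add_post_render_callback(set_page_cache)

    # Add headers for X Frame Options - this really should be changed upon
    # moving to class based views.
    xframe_options = page.get_xframe_options()
    # xframe_options can be None if there's no xframe information on the page
    # (eg. a top-level page which has xframe options set to "inherit")
    if xframe_options is None or xframe_options == Page.X_FRAME_OPTIONS_INHERIT:
        # Defer to Django's own clickjacking handling.
        return response

    # ``xframe_options_exempt`` stops Django's middleware from adding its own
    # header. It is only set once the value is a policy we recognise, so the
    # exemption is never granted without a deliberate decision.
    if xframe_options == Page.X_FRAME_OPTIONS_ALLOW:
        # Framing is allowed: exempt the response and send no header.
        response.xframe_options_exempt = True
    elif xframe_options == Page.X_FRAME_OPTIONS_SAMEORIGIN:
        response.xframe_options_exempt = True
        response["X-Frame-Options"] = "SAMEORIGIN"
    elif xframe_options == Page.X_FRAME_OPTIONS_DENY:
        response.xframe_options_exempt = True
        response["X-Frame-Options"] = "DENY"
    # Unrecognised value: fall through without the exemption so the
    # site-wide default still applies.
    return response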