I have a Django application in which I want to make one embed view embeddable as an iframe on any site. I thought I had configured this correctly, since I decorated the view with @xframe_options_exempt, but I am still getting an X-Frame-Options error in both Chrome and Firefox.
Chrome: Refused to display 'https://foo.com/embed/...' in a frame because it set 'X-Frame-Options' to 'deny'.
Firefox: Load denied by X-Frame-Options: 'https://foo.com/embed/...' does not allow framing
views.py
from django.http import Http404
from django.shortcuts import render, get_object_or_404, redirect
from django.utils.http import urlquote_plus
from django.views.decorators.clickjacking import xframe_options_exempt

# foo is the model class; its import is not shown in the post.


@xframe_options_exempt
def embed(request, bar_slug, slug):
    embed_object = get_object_or_404(foo, slug=slug)
    # Reject URLs whose parent slug does not match the object's parent.
    if embed_object.bar.slug != bar_slug:
        raise Http404
    embed_url = '{}{}'.format('https://foo.com/embed', embed_object.get_absolute_url())
    context = {
        'embed_object': embed_object,
        'embed_url': embed_url,
        'embed_url_encode': urlquote_plus(embed_url),
    }
    return render(request, 'causes/embed.html', context)
settings.py
MIDDLEWARE_CLASSES = [
    'djangosecure.middleware.SecurityMiddleware',
    'project.utils.middleware.SiteMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'project.utils.middleware.HoneypotMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
I assume djangosecure.middleware.SecurityMiddleware is enforcing 'X-Frame-Options' over @xframe_options_exempt. I would prefer to solve this with a view-specific solution rather than by setting X_FRAME_OPTIONS = 'ALLOW'. Thanks.
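
The interaction the post suspects, as a simplified stand-alone model added here (not code from the post, Django or django-secure): each middleware honours only its own exemption marker, so a view carrying only @xframe_options_exempt still gets DENY from django-secure unless it also carries djangosecure.decorators.frame_deny_exempt. It assumes SECURE_FRAME_DENY = True, which the posted settings do not show; the Response class and the run() helper are hypothetical.

```python
# Simplified model of the response path; not Django or django-secure source.
# Assumption: django-secure's SECURE_FRAME_DENY is True (not shown in the post).

class Response(dict):
    """Stand-in for HttpResponse: headers as dict keys, markers as attributes."""

def xframe_options_exempt(view):
    # Sets the same marker Django's clickjacking decorator sets.
    def wrapped():
        resp = view()
        resp.xframe_options_exempt = True
        return resp
    return wrapped

def frame_deny_exempt(view):
    # Sets the same marker djangosecure.decorators.frame_deny_exempt sets.
    def wrapped():
        resp = view()
        resp._frame_deny_exempt = True
        return resp
    return wrapped

def django_xframe(resp, default="SAMEORIGIN"):
    # XFrameOptionsMiddleware: skip if header present or view marked exempt.
    if "X-Frame-Options" in resp or getattr(resp, "xframe_options_exempt", False):
        return resp
    resp["X-Frame-Options"] = default
    return resp

def djangosecure_security(resp, frame_deny=True):
    # SecurityMiddleware: only its own marker suppresses the DENY header.
    exempt = getattr(resp, "_frame_deny_exempt", False)
    if frame_deny and "X-Frame-Options" not in resp and not exempt:
        resp["X-Frame-Options"] = "DENY"
    return resp

def run(view):
    # Response hooks run bottom-up through MIDDLEWARE_CLASSES, so the
    # clickjacking middleware (last entry) runs before SecurityMiddleware (first).
    return djangosecure_security(django_xframe(view())).get("X-Frame-Options")

def plain():
    return Response()

embed_as_posted = xframe_options_exempt(Response)                 # decorator from the post
embed_both = frame_deny_exempt(xframe_options_exempt(Response))   # both markers set

if __name__ == "__main__":
    for name, view in [("plain", plain), ("as posted", embed_as_posted), ("both", embed_both)]:
        print(name, "->", run(view))
```

With both decorators on the embed view only, every other view keeps its framing restriction.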