XFrameOptionsMiddleware
Set the X-Frame-Options HTTP header in HTTP responses.
Constructor
Signature
def XFrameOptionsMiddleware(
get_response: callable
) -> null
Parameters
| Name | Type | Description |
|---|---|---|
| get_response | callable | The next middleware or view in the chain to be called. |
Methods
process_response()
def process_response(
request: [HttpRequest](../../http/request/httprequest.md?sid=django_http_request_httprequest),
response: [HttpResponse](../../http/response/httpresponse.md?sid=django_http_response_httpresponse)
) -> [HttpResponse](../../http/response/httpresponse.md?sid=django_http_response_httpresponse)
Applies the X-Frame-Options header to the outgoing HTTP response if it is not already present and the response has not been explicitly exempted.
Parameters
| Name | Type | Description |
|---|---|---|
| request | [HttpRequest](../../http/request/httprequest.md?sid=django_http_request_httprequest) | The incoming HTTP request object. |
| response | [HttpResponse](../../http/response/httpresponse.md?sid=django_http_response_httpresponse) | The outgoing HTTP response object to be processed. |
Returns
| Type | Description |
|---|---|
| [HttpResponse](../../http/response/httpresponse.md?sid=django_http_response_httpresponse) | The modified HTTP response object containing the security header if applicable. |
get_xframe_options_value()
def get_xframe_options_value(
request: [HttpRequest](../../http/request/httprequest.md?sid=django_http_request_httprequest),
response: [HttpResponse](../../http/response/httpresponse.md?sid=django_http_response_httpresponse)
) -> string
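Get the value to set for the X-Frame-Options header. Uses the value from the X_FRAME_OPTIONS setting, or 'DENY' if the setting is not defined. Subclasses can override this method to vary the value based on the request or response.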
Parameters
| Name | Type | Description |
|---|---|---|
| request | [HttpRequest](../../http/request/httprequest.md?sid=django_http_request_httprequest) | The incoming HTTP request object, used for contextual evaluation if overridden. |
| response | [HttpResponse](../../http/response/httpresponse.md?sid=django_http_response_httpresponse) | The outgoing HTTP response object, used for contextual evaluation if overridden. |
Returns
| Type | Description |
|---|---|
| string | The uppercase string value to be used for the X-Frame-Options header, such as 'DENY' or 'SAMEORIGIN'. |