
Commit

Removed X-Frame-Options because it doesn't help with this issue, and is potentially insecure
york-stsci committed Nov 25, 2024
1 parent 7354f33 commit a2c8a7b
Showing 1 changed file with 0 additions and 4 deletions.
4 changes: 0 additions & 4 deletions jwql/website/jwql_proj/settings.py
Expand Up @@ -40,10 +40,6 @@
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = get_config()['django_debug']

# SECURITY WARNING: This turns the default X_FRAME_OPTIONS value/header from 'DENY' to
# 'SAMEORIGIN', which might potentially allow clickjacking.
X_FRAME_OPTIONS = 'SAMEORIGIN'

ALLOWED_HOSTS = ['*']

# Application definition
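
Review bot: Deleting `X_FRAME_OPTIONS = 'SAMEORIGIN'` (the removed lines just after `DEBUG`) does not remove the header, it returns the setting to Django's default, which the deleted comment gives as 'DENY'. That header is only sent when `django.middleware.clickjacking.XFrameOptionsMiddleware` is listed in `MIDDLEWARE`, which is outside this hunk, so confirm it is enabled and that no view in the site is meant to load inside a same-origin frame, since such a view would stop rendering under 'DENY'. A one-line comment stating that the default is relied on here would keep the override from being reintroduced later. Separately, the unchanged context line `ALLOWED_HOSTS = ['*']` disables Host header validation and is worth restricting to the deployed hostnames in a follow-up.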
