Skip to content

Commit

Permalink
fix: allow cross-origin popups to access opener's browser context
Browse files Browse the repository at this point in the history
  • Loading branch information
@angela-tran
angela-tran committed Jul 18, 2022
1 parent bc63702 commit 1491c30
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions benefits/settings.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,7 @@ def _filter_empty(ls):
SESSION_COOKIE_SECURE = True

SECURE_BROWSER_XSS_FILTER = True
SECURE_CROSS_ORIGIN_OPENER_POLICY = "same-origin-allow-popups"

# the NGINX reverse proxy sits in front of the application in deployed environments
# SSL terminates before getting to Django, and NGINX adds this header to indicate
Expand Down

0 comments on commit 1491c30

Please sign in to comment.