**Bug description**
Removing the XFrameOptionsMiddleware removes the middleware from the entire web application instead of just the concerned views in Django admin. This makes the web application less secure and susceptible to clickjacking attacks.
This can be solved by setting the 'X_FRAME_OPTIONS' to 'SAMEORIGIN' instead of removing the middleware.
This way the app stays secure while the simpleui library continues to function correctly.
I suggest you also add in the documentation that you are removing the middleware from the settings because it's a very important thing to the security of the web application and people who use your library should be made aware of it.
Another proper way to do this is to remove the part of the code where you remove the middleware, and add some steps in the documentation where either the user should remove the middleware himself or add the setting X_FRAME_OPTIONS='SAMEORIGIN'.
2. Python Version: 3.8
3. Django Version: 4.1.2
4. SimpleUI Version: 2022.2.16
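
A check a project owner could run for the behaviour reported above, written as an added example (it is not part of the original issue and not simpleui or Django code). The function name, finding labels and sample lists are assumptions made for illustration; the only real identifiers are Django's middleware path and the `X_FRAME_OPTIONS` values.

```python
"""Audit clickjacking settings: was XFrameOptionsMiddleware dropped at runtime?

Pure Python, no Django import. In a real project the "effective" values would
be read from django.conf.settings after django.setup(); here they are passed in.
"""
XFO_MIDDLEWARE = "django.middleware.clickjacking.XFrameOptionsMiddleware"
ALLOWED_VALUES = {"DENY", "SAMEORIGIN"}


def audit_clickjacking(declared_middleware, effective_middleware, x_frame_options=None):
    """Return a list of findings (hypothetical labels); empty means nothing to report.

    declared_middleware  -- MIDDLEWARE as written in settings.py
    effective_middleware -- MIDDLEWARE as seen at runtime, after all apps loaded
    x_frame_options      -- value of X_FRAME_OPTIONS, or None when unset
    """
    findings = []
    declared = XFO_MIDDLEWARE in declared_middleware
    effective = XFO_MIDDLEWARE in effective_middleware

    if declared and not effective:
        # Something stripped the entry after settings.py was read, site-wide.
        findings.append("middleware-removed-at-runtime")
    elif not declared and not effective:
        findings.append("middleware-not-configured")

    # Django falls back to DENY when X_FRAME_OPTIONS is unset and upper-cases the value.
    value = (x_frame_options or "DENY").upper()
    if value not in ALLOWED_VALUES:
        findings.append("invalid-x-frame-options:" + value)
    elif effective and value == "DENY":
        # DENY also forbids same-origin framing; the issue proposes SAMEORIGIN
        # so that simpleui keeps working with the middleware left in place.
        findings.append("deny-blocks-same-origin-frames")
    return findings


if __name__ == "__main__":
    # Constructed sample: settings.py lists the middleware, the runtime list lacks it.
    declared = ["django.middleware.security.SecurityMiddleware", XFO_MIDDLEWARE]
    runtime = [m for m in declared if m != XFO_MIDDLEWARE]
    print(audit_clickjacking(declared, runtime, "SAMEORIGIN"))
    print(audit_clickjacking(declared, declared, "SAMEORIGIN"))
```
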