1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
from functools import wraps
from asgiref.sync import iscoroutinefunction
def xframe_options_deny(view_func):
"""
Modify a view function so its response has the X-Frame-Options HTTP
header set to 'DENY' as long as the response doesn't already have that
header set. Usage:
@xframe_options_deny
def some_view(request):
...
"""
if iscoroutinefunction(view_func):
async def _view_wrapper(*args, **kwargs):
response = await view_func(*args, **kwargs)
if response.get("X-Frame-Options") is None:
response["X-Frame-Options"] = "DENY"
return response
else:
def _view_wrapper(*args, **kwargs):
response = view_func(*args, **kwargs)
if response.get("X-Frame-Options") is None:
response["X-Frame-Options"] = "DENY"
return response
return wraps(view_func)(_view_wrapper)
def xframe_options_sameorigin(view_func):
"""
Modify a view function so its response has the X-Frame-Options HTTP
header set to 'SAMEORIGIN' as long as the response doesn't already have
that header set. Usage:
@xframe_options_sameorigin
def some_view(request):
...
"""
if iscoroutinefunction(view_func):
async def _view_wrapper(*args, **kwargs):
response = await view_func(*args, **kwargs)
if response.get("X-Frame-Options") is None:
response["X-Frame-Options"] = "SAMEORIGIN"
return response
else:
def _view_wrapper(*args, **kwargs):
response = view_func(*args, **kwargs)
if response.get("X-Frame-Options") is None:
response["X-Frame-Options"] = "SAMEORIGIN"
return response
return wraps(view_func)(_view_wrapper)
def xframe_options_exempt(view_func):
"""
Modify a view function by setting a response variable that instructs
XFrameOptionsMiddleware to NOT set the X-Frame-Options HTTP header. Usage:
@xframe_options_exempt
def some_view(request):
...
"""
if iscoroutinefunction(view_func):
async def _view_wrapper(*args, **kwargs):
response = await view_func(*args, **kwargs)
response.xframe_options_exempt = True
return response
else:
def _view_wrapper(*args, **kwargs):
response = view_func(*args, **kwargs)
response.xframe_options_exempt = True
return response
return wraps(view_func)(_view_wrapper)
|
