Eua*_*lar 6 django x-frame-options python-2.7 box
我有一个我在Django 1.8中构建的网站,必须加载一个Box.com iframe.但是它没有在Chrome中加载,我得到了x-frame-options SAMEORIGIN错误.
但我添加了以下中间件类:
MIDDLEWARE_CLASSES = (
# Default Django middleware.
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
并在我的views.py中添加了xframe_options_exempt装饰器,如下所示:
@api_view(['GET'])
@xframe_options_exempt
def category_list(request):
"""
List all categories.
"""
if request.method == 'GET':
categories = Category.objects.order_by('-category_type')
serializer = CategorySerializer(categories, many=True)
return Response(serializer.data)
另外,我尝试添加以下设置,但没有运气:
X_FRAME_OPTIONS = 'ALLOW-FROM https://app.box.com/'
任何人都可以帮我发现为什么这仍然不允许页面加载?我是否还需要在urls.py中添加装饰器功能?
from django.views.decorators.clickjacking import xframe_options_exempt
urlpatterns = patterns('base.views',
url(r'^categories$', xframe_options_exempt(category_list)),
)
非常感谢您的帮助.