我做了一个有一个页面的页面iframe.在内部,iframe我想显示多个不同的链接,如来自Facebook,新闻,或YouTube视频或任何其他可能的URL的文章.但是,由于Xframe标头,我无法这样做.我提到了以下链接:https:
//docs.djangoproject.com/en/1.8/ref/clickjacking/
和
Django XFrameOptionsMiddleware(X-Frame-Options) - 通过客户端IP允许iframe
但没有得到任何帮助.
我的settings.py文件MIDDLEWARE_CLASSES是:
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
从http://django-secure.readthedocs.org/en/latest/middleware.html,我发现使用装饰器@frame_deny_exempt我的问题可以解决.不过,我在chrome控制台中遇到了同样的错误,即
Refused to display '<URL>' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN, SAMEORIGIN'.
对此有何帮助?
我有以下基于 Node-Express 的功能:
//function on server side
app.get('/loginCheck', loggedCheck, function(req, res) {
var data = {local: {}, facebook: {}};
data.id = req.user._id;
data.local.email = req.user.local.email;
data.local.fname = req.user.local.fname;
data.local.lname = req.user.local.lname ;
data.local.college = req.user.local.college ;
data.local.degree = req.user.local.degree ;
data.year = req.user.year ;
data.mobile = req.user.mobile ;
data.city = req.user.city ;
data.facebook.id = req.user.facebook.id ;
//res.json(data);
var x = {};
x.name = "someName"
res.json(x);
})
以下是客户端发出ajax请求的代码:
//function on client side making an ajax request
$.get("/loginCheck",function(data,status){
console.log(data);
});
在前面的服务器端代码中,req.user …
clickjacking ×1
django ×1
iframe ×1
javascript ×1
json ×1
mongodb ×1
mongoose ×1
node.js ×1
python ×1