django-tinymce4-lite

X-Frame-Options: “DENY”

Open gusarg81 opened this issue 4 years ago • 4 comments

Hi,

Today I've upgraded django-filebrowser (3.13.1), django-tinymce4-lite (1.8.0) and Django (to version 3.0) and when I try to open the filebrowser from tinymce, the browser (tested with Firefox and Chrome) denies it with this message.

Now, using filebrowser from Django admin this problem is not present.

EDIT1: tested only in development environment with DEBUG enabled, not in production for obvious reasons.

EDIT2: adding X_FRAME_OPTIONS = 'SAMEORIGIN' to settings.py solved the problem for now.

Any ideas, or what am I missing? Thanks.

gusarg81 avatar Jun 02 '20 02:06 gusarg81

Your solution is correct. See here: https://docs.djangoproject.com/en/3.0/ref/settings/#x-frame-options

romanvm avatar Jun 02 '20 04:06 romanvm

python manage.py check --deploy still raises a warning with SAMEORIGIN, which needs to be silenced in settings.py.

merwok avatar Jun 02 '20 13:06 merwok
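
A narrower alternative to the global setting discussed above, as an added example that is not code from this thread, django-tinymce4-lite or django-filebrowser: a small middleware that sends SAMEORIGIN only for the filebrowser URLs, so X_FRAME_OPTIONS can stay at DENY for everything else. The class name and the FILEBROWSER_PREFIX mount point are assumptions; use the path from your own urls.py.

```python
# Added example, not django-tinymce4-lite or django-filebrowser code.
# FILEBROWSER_PREFIX is an assumed mount point; use the path from your urls.py.
FILEBROWSER_PREFIX = "/admin/filebrowser/"


class FilebrowserSameOriginMiddleware:
    """Allow same-origin framing for the filebrowser pages only.

    List this class *below* django.middleware.clickjacking.XFrameOptionsMiddleware
    in MIDDLEWARE. Responses travel back up the list, so this class sees the
    response first, and the stock middleware does not replace an
    X-Frame-Options header that is already present. Every other URL keeps
    the global X_FRAME_OPTIONS value (DENY by default since Django 3.0).
    """

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        # Do not override a header that a view set explicitly (e.g. DENY).
        if self.applies_to(request.path) and response.get("X-Frame-Options") is None:
            response["X-Frame-Options"] = "SAMEORIGIN"
        return response

    @staticmethod
    def applies_to(path):
        # The trailing slash in the prefix keeps look-alike paths such as
        # "/admin/filebrowser-old/" out of the relaxed set.
        return path.startswith(FILEBROWSER_PREFIX)
```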

> Your solution is correct. See here: https://docs.djangoproject.com/en/3.0/ref/settings/#x-frame-options

Yeah, Done that on Edit.

Now, besides this, why load the filebrowser in a frame? Why not, for example, using ajax if possible? (I didn't see the code, so I am just guessing here).

gusarg81 avatar Jun 02 '20 17:06 gusarg81

> Now, besides this, why load the filebrowser in a frame? Why not, for example, using ajax if possible? (I didn't see the code, so I am just guessing here).

File management UI is provided by django-filebrowser-no-grappelli that is a separate package from another developer.

romanvm avatar Jun 04 '20 07:06 romanvm