From: Stephen Finucane <stephen@that.guru>
Date: Thu, 18 May 2017 20:23:59 +0000 (+0100)
Subject: settings: Enable 'XFrameOptionsMiddleware'
X-Git-Tag: v2.0.0-rc2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7ed81278049d42dd4206235247346711e0e74fc5;p=thirdparty%2Fpatchwork.git

settings: Enable 'XFrameOptionsMiddleware'

This provides basic click jacking protection. This was identified using
'manage.py check --deploy'.

Signed-off-by: Stephen Finucane <stephen@that.guru>
---

diff --git a/patchwork/settings/base.py b/patchwork/settings/base.py
index 8776a5ed..fb6a7657 100644
--- a/patchwork/settings/base.py
+++ b/patchwork/settings/base.py
@@ -32,6 +32,7 @@ _MIDDLEWARE_CLASSES = [
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
 ]
 
 if django.VERSION >= (1, 7):