Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Django nginx Refused to display in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'

I have deployed a django web application on a server with nginx and uwsgi. I can access the site perfectly using the ip address.

I purchased a domain name say abc.example.com and pointed it to my ip address. Now when i go the domain name it loads a blank page and throws an error in browser console:

In Chrome:

Refused to display 'ip address' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

In Mozilla:

Load denied by X-Frame-Options: 'ip address' does not permit cross-origin framing.

The point is I dont have any iframe in my whole Application.

What is this error and how can i solve it?

When i go to application using ip address it works perfectly as it is supposed to be. Then what is the problem with domain? I double checked the settings in dns zone on godaddy but couldn't figure out anything.

like image 358
Manish Gupta Avatar asked Jun 08 '16 06:06

Manish Gupta


People also ask

How do I enable X-Frame-options in Django?

Setting X-Frame-Options per viewhttp import HttpResponse from django. views. decorators. clickjacking import xframe_options_deny from django.

How do I set X-Frame-options to Sameorigin?

Double-click the HTTP Response Headers icon in the feature list in the middle. In the Actions pane on the right side, click Add. In the dialog box that appears, type X-Frame-Options in the Name field and type SAMEORIGIN in the Value field. Click OK to save your changes.


1 Answers

In 'settings.py' file, add these two lines. It may help you.

X_FRAME_OPTIONS = 'ALLOWALL'

XS_SHARING_ALLOWED_METHODS = ['POST','GET','OPTIONS', 'PUT', 'DELETE']
like image 80
J.Jai Avatar answered Sep 21 '22 06:09

J.Jai