| author | David Smith <smithdc@gmail.com> | 2025-07-25 10:24:17 +0100 |
|---|---|---|
| committer | nessita <124304+nessita@users.noreply.github.com> | 2025-08-25 10:51:10 -0300 |
| commit | f81e6e3a53ee36e3f730a71aa55a5744982dd016 (patch) | |
| tree | 44a4fdd64e2d1489d80b1af8bd1ac3c7af3ad0dd /docs/ref/clickjacking.txt | |
| parent | 4286a23df64f6ce3b9b6ed097f4d1aac7d9e0de4 (diff) | |
Refs #36485 -- Rewrapped docs to 79 columns line length.
Lines in the docs files were manually adjusted to conform to the
79 columns limit per line (plus newline), improving readability and
consistency across the content.
Diffstat (limited to 'docs/ref/clickjacking.txt')
| -rw-r--r-- | docs/ref/clickjacking.txt | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/docs/ref/clickjacking.txt b/docs/ref/clickjacking.txt index 8e98bac5ee..8120dd16e9 100644 --- a/docs/ref/clickjacking.txt +++ b/docs/ref/clickjacking.txt @@ -15,13 +15,14 @@ have loaded in a hidden frame or iframe. An example of clickjacking ========================== -Suppose an online store has a page where a logged-in user can click "Buy Now" to -purchase an item. A user has chosen to stay logged into the store all the time -for convenience. An attacker site might create an "I Like Ponies" button on one -of their own pages, and load the store's page in a transparent iframe such that -the "Buy Now" button is invisibly overlaid on the "I Like Ponies" button. If the -user visits the attacker's site, clicking "I Like Ponies" will cause an -inadvertent click on the "Buy Now" button and an unknowing purchase of the item. +Suppose an online store has a page where a logged-in user can click "Buy Now" +to purchase an item. A user has chosen to stay logged into the store all the +time for convenience. An attacker site might create an "I Like Ponies" button +on one of their own pages, and load the store's page in a transparent iframe +such that the "Buy Now" button is invisibly overlaid on the "I Like Ponies" +button. If the user visits the attacker's site, clicking "I Like Ponies" will +cause an inadvertent click on the "Buy Now" button and an unknowing purchase of +the item. .. _clickjacking-prevention: @@ -93,8 +94,8 @@ that tells the middleware not to set the header:: Setting ``X-Frame-Options`` per view ------------------------------------ -To set the ``X-Frame-Options`` header on a per view basis, Django provides these -decorators:: +To set the ``X-Frame-Options`` header on a per view basis, Django provides +these decorators:: from django.http import HttpResponse from django.views.decorators.clickjacking import xframe_options_deny |
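Review bot: in the first hunk (@@ -15,13 +15,14 @@, the "An example of clickjacking" paragraph), the commit message says the lines were adjusted manually, and nothing in the change records a check that only the break points moved. Comparing the seven removed lines with the eight added ones, the wording is identical word for word and the new last line is just "the item.", so the rendered paragraph should be unchanged. Running `git diff --word-diff` over docs/ref/clickjacking.txt and noting the empty result in the commit message would let reviewers confirm that without reading each paragraph.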
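Review bot: in the second hunk (@@ -93,8 +94,8 @@, under "Setting ``X-Frame-Options`` per view"), the rewrapped sentence keeps "on a per view basis" unhyphenated, where "per-view basis" is the usual form for a compound modifier. Because this commit is limited to rewrapping, the wording fix belongs in a follow-up change rather than here, which keeps this diff purely mechanical. The two added lines both fit within the 79-column limit the commit message states.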
