Fixed #24896 -- Doc'd clickjacking protection doesn't overwrite X-Frame-Options header.

author: Simeon J Morgan <smorgan@digitalfeed.net> 2015-06-02 14:11:01 +1000
committer: Tim Graham <timograham@gmail.com> 2015-06-02 09:01:38 -0400
commit: 0b5fb8e72c74e41d250f35c8c3df3f3a13d367f3 (patch)
tree: 1dad023f53115538a0758fbcd141e22dc902c894 /docs/ref
parent: 44f3ee77166bd5c0e8a4604f2d96015268dce100 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/docs/ref/clickjacking.txt b/docs/ref/clickjacking.txt
index b7ba915eee..06d264c115 100644
--- a/docs/ref/clickjacking.txt
+++ b/docs/ref/clickjacking.txt
@@ -45,6 +45,9 @@ site:
 2. A set of view decorators that can be used to override the middleware or to
    only set the header for certain views.
 
+The ``X-Frame-Options`` HTTP header will only be set by the middleware or view
+decorators if it is not already present in the response.
+
 How to use it
 =============
author	Simeon J Morgan <smorgan@digitalfeed.net>	2015-06-02 14:11:01 +1000
committer	Tim Graham <timograham@gmail.com>	2015-06-02 09:01:38 -0400
commit	0b5fb8e72c74e41d250f35c8c3df3f3a13d367f3 (patch)
tree	1dad023f53115538a0758fbcd141e22dc902c894 /docs/ref
parent	44f3ee77166bd5c0e8a4604f2d96015268dce100 (diff)