As shown in the figure:
Inspecting the code:
The body of the page the iframe links to (src = '/account/my-image/') is empty.
Check the settings configuration, shown below:
MIDDLEWARE = [
    ...
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    ...
]
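The configuration above shows that a Django project enables the XFrameOptionsMiddleware middleware by default, and this middleware sets the X-Frame-Options header to DENY.
In Django 3.0, the default value of X_FRAME_OPTIONS changed from SAMEORIGIN to DENY.
Method 1: configure specific pages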
from django.http import HttpResponse
from django.views.decorators.clickjacking import xframe_options_exempt
from django.views.decorators.clickjacking import xframe_options_deny
from django.views.decorators.clickjacking import xframe_options_sameorigin

# No X-Frame-Options header is sent for this view.
@xframe_options_exempt
def view_one(request):
    return HttpResponse("This page is safe to load in a frame on any site.")

# Sends X-Frame-Options: DENY for this view.
@xframe_options_deny
def view_two(request):
    return HttpResponse("I won't display in any frame!")

# Sends X-Frame-Options: SAMEORIGIN for this view.
@xframe_options_sameorigin
def view_three(request):
    return HttpResponse("Display in a frame if it's from the same origin as me.")
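Note: X-Frame-Options has three values: DENY does not allow the page to be embedded in an iframe, SAMEORIGIN allows it to be displayed in a same-origin iframe, and ALLOW-FROM allows an iframe from a specified address.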
Method 2: modify the source code
from django.middleware import clickjacking
Django error: Refused to display 'http://127.0.0.1:8000/ in a frame because it set 'X-Frame-Option