
Adjusting X_FRAME_OPTIONS in Django

When you deploy your Django application to production, it is advisable to adjust several security settings. One is the X_FRAME_OPTIONS setting, which protects your website against clickjacking.

As I deployed my Django webapp to production I put several security settings in to my Among other things I wanted to protect my website against clickjacking. The clickjacking protection in Django is really easy to use.

First you have to enable the django.middleware.clickjacking.XFrameOptionsMiddleware in the MIDDLEWARE-section of your


To enable the clickjacking protection and deny framing of every outgoing HttpResponse, just add the following line in your


Great, it worked as expected. Unfortunately I forgot that I use iframes within my application's backend to open my media list. All I saw now was a blank iframe.

Fortunately, it is possible to define individual rules for certain views. In my case, I only wanted the media list view frameable.

def media_list_select(request):
    return render(request, 'cms/media_list_select.html', {'media': media})

And Tada! The media list was rendered again in the iframe.