From 3e224a33a7d08daefb46788595e6ed6e7b83bcb3 Mon Sep 17 00:00:00 2001 From: David Taylor Date: Sat, 8 Oct 2016 17:14:29 +0100 Subject: [PATCH] Try just removing the header, this should work in all browsers --- RIGS/urls.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/RIGS/urls.py b/RIGS/urls.py index 1383558e..ea2681c5 100644 --- a/RIGS/urls.py +++ b/RIGS/urls.py @@ -2,6 +2,7 @@ from django.conf.urls import patterns, include, url from django.contrib.auth.decorators import login_required from RIGS import models, views, rigboard, finance, ical, versioning, forms from django.views.generic import RedirectView +from django.views.decorators.clickjacking import xframe_options_exempt from PyRIGS.decorators import permission_required_with_403 from PyRIGS.decorators import api_key_required @@ -15,7 +16,7 @@ urlpatterns = patterns('', url(r'^closemodal/$', views.CloseModal.as_view(), name='closemodal'), url('^user/login/$', 'RIGS.views.login', name='login'), - url('^user/login/embed/$', allow_embed()(views.login_embed), name='login_embed'), + url('^user/login/embed/$', xframe_options_exempt(views.login_embed), name='login_embed'), url(r'^user/password_reset/$', 'django.contrib.auth.views.password_reset', {'password_reset_form':forms.PasswordReset}), # People @@ -85,7 +86,7 @@ urlpatterns = patterns('', permission_required_with_403('RIGS.view_event', oembed_view="event_oembed")(rigboard.EventDetail.as_view()), name='event_detail'), url(r'^event/(?P\d+)/embed/$', - allow_embed()(permission_required_with_403('RIGS.view_event', login_url='/user/login/embed/')(rigboard.EventEmbed.as_view())), + xframe_options_exempt(permission_required_with_403('RIGS.view_event', login_url='/user/login/embed/')(rigboard.EventEmbed.as_view())), name='event_embed'), url(r'^event/(?P\d+)/oembed_json/$', rigboard.EventOembed.as_view(),