Revert "Added decorator for X-Frame header"

This reverts commit 8a838aa4bd.
2026-01-17 05:22:16 +00:00 · 2016-10-08 17:19:35 +01:00
parent 511ce554b1
commit 73b8ce4add
2 changed files with 3 additions and 14 deletions
--- a/PyRIGS/decorators.py
+++ b/PyRIGS/decorators.py
@@ -4,17 +4,6 @@ from django.template import RequestContext
 from django.http import HttpResponseRedirect
 from django.core.urlresolvers import reverse

-def allow_embed():
-    # using django.views.decorators.clickjacking.xframe_options_exempt removes the header
-    # Safari has differnet defaults to other browsers, so we have to set it explicitly
-    def headers_wrapper(fun):
-        def wrapped_function(*args, **kwargs):
-            response = fun(*args, **kwargs)
-            response['X-Frame-Options'] = "ALLOW"
-            return response
-        return wrapped_function
-    return headers_wrapper
-
 def user_passes_test_with_403(test_func, login_url=None, oembed_view=None):
    """
    Decorator for views that checks that the user passes the given test.
--- a/RIGS/urls.py
+++ b/RIGS/urls.py
@@ -2,10 +2,10 @@ from django.conf.urls import patterns, include, url
 from django.contrib.auth.decorators import login_required
 from RIGS import models, views, rigboard, finance, ical, versioning, forms
 from django.views.generic import RedirectView
+from django.views.decorators.clickjacking import xframe_options_exempt

 from PyRIGS.decorators import permission_required_with_403
 from PyRIGS.decorators import api_key_required
-from PyRIGS.decorators import allow_embed

 urlpatterns = patterns('',
                       # Examples:
@@ -15,7 +15,7 @@ urlpatterns = patterns('',
                       url(r'^closemodal/$', views.CloseModal.as_view(), name='closemodal'),

                       url('^user/login/$', 'RIGS.views.login', name='login'),
-                       url('^user/login/embed/$', allow_embed()(views.login_embed), name='login_embed'),
+                       url('^user/login/embed/$', xframe_options_exempt(views.login_embed), name='login_embed'),
                       url(r'^user/password_reset/$', 'django.contrib.auth.views.password_reset', {'password_reset_form':forms.PasswordReset}),

                       # People
@@ -85,7 +85,7 @@ urlpatterns = patterns('',
                           permission_required_with_403('RIGS.view_event', oembed_view="event_oembed")(rigboard.EventDetail.as_view()),
                           name='event_detail'),
                       url(r'^event/(?P<pk>\d+)/embed/$',
-                           allow_embed()(permission_required_with_403('RIGS.view_event', login_url='/user/login/embed/')(rigboard.EventEmbed.as_view())),
+                           xframe_options_exempt(permission_required_with_403('RIGS.view_event', login_url='/user/login/embed/')(rigboard.EventEmbed.as_view())),
                           name='event_embed'),
                       url(r'^event/(?P<pk>\d+)/oembed_json/$',
                           rigboard.EventOembed.as_view(),