Added decorator for X-Frame header

This commit is contained in:
David Taylor
2016-10-07 02:51:08 +01:00
parent 7e379b33db
commit 8a838aa4bd
2 changed files with 14 additions and 3 deletions


@@ -4,6 +4,17 @@ from django.template import RequestContext
from django.http import HttpResponseRedirect from django.http import HttpResponseRedirect
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse
def allow_embed():
# using django.views.decorators.clickjacking.xframe_options_exempt removes the header
# Safari has differnet defaults to other browsers, so we have to set it explicitly
def headers_wrapper(fun):
def wrapped_function(*args, **kwargs):
response = fun(*args, **kwargs)
response['X-Frame-Options'] = "ALLOW"
return response
return wrapped_function
return headers_wrapper
def user_passes_test_with_403(test_func, login_url=None, oembed_view=None): def user_passes_test_with_403(test_func, login_url=None, oembed_view=None):
""" """
Decorator for views that checks that the user passes the given test. Decorator for views that checks that the user passes the given test.
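Review bot: `ALLOW` on the new line `response['X-Frame-Options'] = "ALLOW"` is not a value the header defines (RFC 7034 specifies DENY, SAMEORIGIN and ALLOW-FROM), so the outcome rests on browsers discarding a header they do not recognise, which amounts to letting any origin frame the login and event embed pages rather than a named set of hosts. If that is the intent, say so next to the assignment, e.g. `# not a recognised X-Frame-Options token: browsers ignore it, so the page is frameable from any origin`; if only known hosts should embed these pages, `Content-Security-Policy: frame-ancestors <allowed origins>` is the precise control. The inner `wrapped_function` should also be decorated with `@functools.wraps(fun)` so the view's name and docstring survive for URL resolution and debugging, assuming `functools` is imported at the top of the module, which the hunk does not show. The comment's claim about Safari defaults is not verifiable from this page, and the typo `differnet` could be fixed while touching it.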


@@ -2,10 +2,10 @@ from django.conf.urls import patterns, include, url
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from RIGS import models, views, rigboard, finance, ical, versioning, forms from RIGS import models, views, rigboard, finance, ical, versioning, forms
from django.views.generic import RedirectView from django.views.generic import RedirectView
from django.views.decorators.clickjacking import xframe_options_exempt
from PyRIGS.decorators import permission_required_with_403 from PyRIGS.decorators import permission_required_with_403
from PyRIGS.decorators import api_key_required from PyRIGS.decorators import api_key_required
from PyRIGS.decorators import allow_embed
urlpatterns = patterns('', urlpatterns = patterns('',
# Examples: # Examples:
@@ -15,7 +15,7 @@ urlpatterns = patterns('',
url(r'^closemodal/$', views.CloseModal.as_view(), name='closemodal'), url(r'^closemodal/$', views.CloseModal.as_view(), name='closemodal'),
url('^user/login/$', 'RIGS.views.login', name='login'), url('^user/login/$', 'RIGS.views.login', name='login'),
url('^user/login/embed/$', xframe_options_exempt(views.login_embed), name='login_embed'), url('^user/login/embed/$', allow_embed()(views.login_embed), name='login_embed'),
url(r'^user/password_reset/$', 'django.contrib.auth.views.password_reset', {'password_reset_form':forms.PasswordReset}), url(r'^user/password_reset/$', 'django.contrib.auth.views.password_reset', {'password_reset_form':forms.PasswordReset}),
# People # People
@@ -85,7 +85,7 @@ urlpatterns = patterns('',
permission_required_with_403('RIGS.view_event', oembed_view="event_oembed")(rigboard.EventDetail.as_view()), permission_required_with_403('RIGS.view_event', oembed_view="event_oembed")(rigboard.EventDetail.as_view()),
name='event_detail'), name='event_detail'),
url(r'^event/(?P<pk>\d+)/embed/$', url(r'^event/(?P<pk>\d+)/embed/$',
xframe_options_exempt(permission_required_with_403('RIGS.view_event', login_url='/user/login/embed/')(rigboard.EventEmbed.as_view())), allow_embed()(permission_required_with_403('RIGS.view_event', login_url='/user/login/embed/')(rigboard.EventEmbed.as_view())),
name='event_embed'), name='event_embed'),
url(r'^event/(?P<pk>\d+)/oembed_json/$', url(r'^event/(?P<pk>\d+)/oembed_json/$',
rigboard.EventOembed.as_view(), rigboard.EventOembed.as_view(),
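Review bot: On the `login_embed` and `event_embed` routes the decorator is applied as `allow_embed()(...)`, a no-argument factory call; since `allow_embed` takes no parameters in this commit, the plain form `allow_embed(views.login_embed)` would read like the `xframe_options_exempt(...)` it replaces and drop the double call, unless the factory shape is reserved for future parameters, in which case a short comment at the import would help. On the `event_embed` route `allow_embed()` sits outermost, so the header is also applied to the 403 and login-redirect responses produced by `permission_required_with_403`, presumably so the redirect to `/user/login/embed/` still renders inside the frame; that ordering is worth a one-line comment because reversing the nesting would silently change it. The `urlpatterns` tuple begins and ends outside both hunks.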