There are two instances of django.middleware.clickjacking.XFrameOptionsMiddleware in trix/project/default/settings.py; judging from Django's documentation the first instance (line 66) should be removed.
Edit: we actually want to remove both instances django.middleware.clickjacking.XFrameOptionsMiddleware since its inclusion trumps the changes in #140; from the documentation:
By default, the middleware will set the X-Frame-Options header to DENY for every outgoing HttpResponse.
There are two instances of
django.middleware.clickjacking.XFrameOptionsMiddleware
intrix/project/default/settings.py
; judging from Django's documentation the first instance (line 66) should be removed.Edit: we actually want to remove both instances
django.middleware.clickjacking.XFrameOptionsMiddleware
since its inclusion trumps the changes in #140; from the documentation: