There are two instances of django.middleware.clickjacking.XFrameOptionsMiddleware in trix/project/default/settings.py; judging from Django's documentation the first instance (line 66) should be removed.
Edit: we actually want to remove both instances django.middleware.clickjacking.XFrameOptionsMiddleware since its inclusion trumps the changes in #140; from the documentation:
By default, the middleware will set the X-Frame-Options header to DENY for every outgoing HttpResponse.
Levijatan
commented
7 months ago
There are two instances of
django.middleware.clickjacking.XFrameOptionsMiddlewareintrix/project/default/settings.py; judging from Django's documentation the first instance (line 66) should be removed.Edit: we actually want to remove both instances
django.middleware.clickjacking.XFrameOptionsMiddlewaresince its inclusion trumps the changes in #140; from the documentation: