X_FRAME_OPTIONS is defaulted to DENY

meeb / tubesync

Syncs YouTube channels and playlists to a locally hosted media server

GNU Affero General Public License v3.0

1.92k stars 121 forks source link

X_FRAME_OPTIONS is defaulted to DENY #51

Closed theoutsider24 closed 3 years ago

theoutsider24 commented 3 years ago

In order to embed WebSync in something like Organizr, X_FRAME_OPTIONS = 'SAMEORIGIN' should probably be used in settings.py to allow iframe embedding

meeb commented 3 years ago

Yep sounds OK given there's no security in TubeSync at the moment and the forms all have Django's default CSRF protection.

meeb commented 3 years ago

Fixed in :latest, will be bundled into the next release.