Clickjacking protection stops malicious websites from loading your pages inside an invisible frame and tricking users into clicking buttons they cannot see. It keeps your site safe and users confident.
Clickjacking protection in Django
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # other middleware
]

# Or in views:
from django.views.decorators.clickjacking import xframe_options_deny

@xframe_options_deny
def my_view(request):
    pass  # view code

The XFrameOptionsMiddleware adds an X-Frame-Options header to every response that does not already carry one. The value comes from the X_FRAME_OPTIONS setting; it defaults to 'DENY' (Django 3.0 and later; older releases defaulted to 'SAMEORIGIN'). You can also use decorators like @xframe_options_deny on specific views; a decorator's value takes precedence over the site-wide setting, because the middleware never overwrites a header the view has already set.
Deny all framing for the my_view view:

from django.http import HttpResponse
from django.views.decorators.clickjacking import xframe_options_deny

@xframe_options_deny
def my_view(request):
    return HttpResponse('No framing allowed')
Allow framing only from pages on the same origin:

from django.http import HttpResponse
from django.views.decorators.clickjacking import xframe_options_sameorigin

@xframe_options_sameorigin
def my_view(request):
    return HttpResponse('Allowed only from same origin')
This simple Django view returns a message and denies any framing to protect against clickjacking.
from django.http import HttpResponse
from django.views.decorators.clickjacking import xframe_options_deny

@xframe_options_deny
def home(request):
    return HttpResponse('Welcome to safe site!')
Remember to add 'django.middleware.clickjacking.XFrameOptionsMiddleware' to your MIDDLEWARE list for site-wide protection.
The site-wide header value is chosen with the X_FRAME_OPTIONS setting ('DENY' or 'SAMEORIGIN'). Per view, @xframe_options_deny and @xframe_options_sameorigin override that setting, and @xframe_options_exempt tells the middleware to send no X-Frame-Options header at all so the page can be framed. If you exempt a view because a partner site needs to embed it, restrict who may do so with a Content-Security-Policy frame-ancestors directive listing the allowed origins: X-Frame-Options has no working allow-list (its ALLOW-FROM value is ignored by current browsers), and when both headers are present browsers apply frame-ancestors and ignore X-Frame-Options.
Test your site in the browser DevTools Network tab (or with curl -I from the command line) to confirm the X-Frame-Options header is present on responses, and check an exempted or decorated view separately, since the header differs per view. A missing header on a page that should be protected usually means the middleware is not in MIDDLEWARE or the view is exempt.
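The precedence rules above (decorator beats setting, exempt removes the header, CSP frame-ancestors beats X-Frame-Options) are easy to get wrong when checking a site. The following is an added example, not Django's own code: it re-implements the decision logic of Django's XFrameOptionsMiddleware and its three decorators on a small Response stand-in so it runs without Django installed, and adds a framing_allowed() checker that evaluates a response's headers the way a browser does. The Response class, run() helper, framing_allowed() function, the sample views and the origins app.example, evil.example and partner.example are all constructed for this example.

```python
"""Model of Django's clickjacking header logic plus a browser-side checker.

Added example (not Django's code): the decorators and middleware copy the
precedence rules of django.middleware.clickjacking and
django.views.decorators.clickjacking but run on a tiny Response stand-in.
"""
from dataclasses import dataclass, field


@dataclass
class Response:
    """Minimal stand-in for django.http.HttpResponse (constructed for this example)."""
    body: str = ""
    headers: dict = field(default_factory=dict)
    xframe_options_exempt: bool = False  # flag the exempt decorator sets


def xframe_options_deny(view):
    """Per-view DENY: set the header unless the view already set one."""
    def wrapped(request):
        resp = view(request)
        resp.headers.setdefault("X-Frame-Options", "DENY")
        return resp
    return wrapped


def xframe_options_sameorigin(view):
    """Per-view SAMEORIGIN with the same precedence rule."""
    def wrapped(request):
        resp = view(request)
        resp.headers.setdefault("X-Frame-Options", "SAMEORIGIN")
        return resp
    return wrapped


def xframe_options_exempt(view):
    """Opt out: the middleware then leaves the response without a header."""
    def wrapped(request):
        resp = view(request)
        resp.xframe_options_exempt = True
        return resp
    return wrapped


class XFrameOptionsMiddleware:
    """Site-wide default, applied only when nothing has decided already."""

    def __init__(self, get_response, x_frame_options="DENY"):
        self.get_response = get_response
        self.value = x_frame_options.upper()  # Django reads settings.X_FRAME_OPTIONS here

    def __call__(self, request):
        response = self.get_response(request)
        if response.headers.get("X-Frame-Options") is not None:
            return response  # a decorator (or the view) already chose a value
        if response.xframe_options_exempt:
            return response  # explicit opt-out: no header, so the page is framable
        response.headers["X-Frame-Options"] = self.value
        return response


def run(view, x_frame_options="DENY"):
    """Push one request through the middleware-wrapped view (no request data needed)."""
    return XFrameOptionsMiddleware(view, x_frame_options)(request=None)


def framing_allowed(headers, page_origin, framer_origin):
    """Would a current browser let framer_origin embed a page from page_origin
    served with these headers? Simplified: exact-origin matching only (no host
    wildcards), and conflicting duplicate headers are not modelled."""
    h = {k.lower(): v for k, v in headers.items()}
    for directive in h.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            sources = [t.lower() for t in tokens[1:]]  # empty list means 'none'
            if "'none'" in sources:
                return False
            if "*" in sources:
                return True
            if "'self'" in sources and framer_origin == page_origin:
                return True
            return framer_origin.lower() in sources  # CSP decides; X-Frame-Options ignored
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer_origin == page_origin
    return True  # no header, or an ignored value such as ALLOW-FROM: page is framable


# Sample views, constructed for this example.
@xframe_options_deny
def deny_view(request):
    return Response("No framing allowed")


@xframe_options_sameorigin
def same_view(request):
    return Response("Allowed only from same origin")


@xframe_options_exempt
def widget_view(request):
    return Response("Embeddable widget")


def plain_view(request):
    return Response("Relies on the middleware default")


if __name__ == "__main__":
    app, evil = "https://app.example", "https://evil.example"
    for name, view in [("deny", deny_view), ("same", same_view),
                       ("widget", widget_view), ("plain", plain_view)]:
        hdrs = run(view).headers
        print(f"{name:6} {hdrs.get('X-Frame-Options', '<no header>'):12} "
              f"framable by {evil}: {framing_allowed(hdrs, app, evil)}")
```

Running the script prints one line per view; the exempt widget view is the only one a foreign origin can frame, which is exactly the case that needs a frame-ancestors policy before it ships. The same framing_allowed() check can be pointed at headers captured from curl -I or the DevTools Network tab.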
Clickjacking protection stops other sites from embedding your pages in frames.
Use Django's middleware or decorators to add the right headers easily.
This helps keep your users safe from hidden click tricks.