Complete the code to add clickjacking protection middleware in Django settings.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    [1],
    'django.middleware.common.CommonMiddleware',
]
The XFrameOptionsMiddleware is the middleware that adds clickjacking protection by setting the X-Frame-Options header.
Complete the code to set the X-Frame-Options header to deny all framing.
X_FRAME_OPTIONS = [1]
Setting X_FRAME_OPTIONS to "DENY" prevents any site from framing your pages, protecting against clickjacking.
Fix the error in the middleware list to correctly protect against clickjacking.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    [1],
    'django.middleware.common.CommonMiddleware',
]
The correct middleware name is 'django.middleware.clickjacking.XFrameOptionsMiddleware'. The other options have typos causing errors.
Fill both blanks to set X-Frame-Options to allow framing only from the same origin.
X_FRAME_OPTIONS = [1]
# Common allowed host for development
ALLOWED_HOSTS = [[2]]
Setting X_FRAME_OPTIONS to "SAMEORIGIN" allows framing only from the same site. "localhost" is a common allowed host during development.
Fill all three blanks to create a custom middleware that sets X-Frame-Options header to SAMEORIGIN.
from django.utils.deprecation import MiddlewareMixin

class ClickjackingProtectionMiddleware(MiddlewareMixin):
    def process_response(self, request, response):
        response[[1]] = [2]
        return response

# Add this middleware to settings MIDDLEWARE list as [3]
The header name is "X-Frame-Options". The value "SAMEORIGIN" allows framing only from the same site. The custom middleware is added to the settings under its class name, 'ClickjackingProtectionMiddleware'.