79496464

Date: 2025-03-09 19:25:23
Score: 1.5

I'm facing the same problem. It can be "solved" by setting your X-Frame-Options.

Solution:

In your settings.py OR base.py, add the following:
    X_FRAME_OPTIONS = "SAMEORIGIN"

References:

https://docs.djangoproject.com/en/5.1/ref/clickjacking/

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Considerations:

Caution! I'm not sure about the consequences of doing this, as the docs provided don't explain it a lot.

I would be less concerned if we could manage this with frame-ancestors instead of x_frame_options.

Check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

It would also be great if the Wagtail devs added a way to configure this using Django's xframe decorators.

Reasons:
  • Blacklisted phrase (1): m facing the same problem
  • Whitelisted phrase (-2): Solution:
  • Long answer (-0.5):
  • Has code block (-0.5):
  • Me too answer (2.5): I'm facing the same problem
  • Low reputation (1):
Posted by: Blimblim
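
What the setting in the answer above puts on the wire, together with the `frame-ancestors 'self'` equivalent it mentions, as an added example that is not part of the original post or of Django/Wagtail code. It is a stdlib-only WSGI wrapper; the names `merge_frame_headers` and `frame_guard` are hypothetical, and it assumes same-origin framing is the policy wanted.

```python
# Added example: framework-agnostic WSGI wrapper (all names are hypothetical).
FRAME_ANCESTORS = "frame-ancestors 'self'"  # CSP counterpart of SAMEORIGIN


def merge_frame_headers(headers, xfo="SAMEORIGIN"):
    """Return a new header list that carries both anti-framing headers."""
    out, csp_seen, xfo_seen = [], False, False
    for name, value in headers:
        lname = name.lower()
        if lname == "x-frame-options":
            xfo_seen = True  # keep whatever the app (e.g. Django) already set
        elif lname == "content-security-policy":
            csp_seen = True
            directives = [d.strip() for d in value.split(";") if d.strip()]
            names = [d.split()[0].lower() for d in directives]
            # Only add the directive when the existing policy lacks one.
            if "frame-ancestors" not in names:
                directives.append(FRAME_ANCESTORS)
            value = "; ".join(directives)
        out.append((name, value))
    if not xfo_seen:
        out.append(("X-Frame-Options", xfo))
    if not csp_seen:
        out.append(("Content-Security-Policy", FRAME_ANCESTORS))
    return out


def frame_guard(app):
    """Wrap a WSGI app, e.g. the object returned by get_wsgi_application()."""
    def wrapped(environ, start_response):
        def patched_start(status, headers, exc_info=None):
            return start_response(status, merge_frame_headers(headers), exc_info)
        return app(environ, patched_start)
    return wrapped
```

Browsers that support `frame-ancestors` apply it in preference to `X-Frame-Options`, so the two values should express the same policy.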