upstream/ipython Commit - r17235:204cfe53

Only allow iframe embedding on same origin.

rgbkrk -

r17235:204cfe53

parent child

IPython/html/base/handlers.py

0 +4 0

                  def set_default_headers(self):
                      headers = self.settings.get('headers', {})
+                     if "X-Frame-Options" not in headers:
+                         headers["X-Frame-Options"] = "SAMEORIGIN"
                      for header_name,value in headers.items() :
                          try:
                              self.set_header(header_name, value)

IPython/html/services/kernels/tests/test_kernels_api.py

0 +2 0

                      self.assertEqual(r.status_code, 201)
                      self.assertIsInstance(kern1, dict)
+                     self.assertEqual(r.headers['x-frame-options'], "SAMEORIGIN")
                      # GET request
                      r = self.kern_api.list()
                      self.assertEqual(r.status_code, 200)

General Comments 0

You need to be logged in to leave comments. Login now

No reviewers

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages