We help IT Professionals succeed at work.

django - add iframe element containing source url of my web page inside another site

I want to add iframe with source url of my own a web page - inside another site page.

but my page is not being displayed inside the iframe, I'm getting error in the browser console:
Refused to display 'http://my.site.com/page/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

I've tried to set django x-frame-options, and this is my view:
from django.views.decorators.clickjacking import xframe_options_exempt

def ok_to_load_in_a_frame(request):
    return render_to_response('test.html', {},  context_instance=RequestContext(request))

but it doesn't work for some reason... any idea?

Watch Question

Top Expert 2015

I doubt you get much help exploiting XSS vulnerability in other site.


It seems that you didn't understand my question...

the way of adding iframe to another site - this is not the problem, and it's not an  attack on the site,
it's a chrome extension button that add something to the current page, temporary...
I'm not doing any harm to the site, it's a feature being executed by the user on the current instance of the page.

Any way, the question is not how to add iframe, but how to disable my web server default security,
and allow my web page to be displayed inside another page...
the solution was manually setting the X-Frame-Options of the response:
response['X-Frame-Options'] = "EXEMPT"


eventually I solved it..