I have a Python Django app running on https://dj-node-project.herokuapp.com/catalog/, when I put this into an iframe, I'm seeing a blank page. Do I need to enable "iframe" settings on Heroku?
<iframe src="https://dj-node-project.herokuapp.com/catalog/">
<p>Your browser does not support iframes.</p>
</iframe>
you can remove middleware as mentioned below
and you can also use decorator
from django.views.decorators.clickjacking import xframe_options_exempt
#xframe_options_exempt
def ok_to_load_in_a_frame(request):
Django not allow to use django website as Iframe tag. because django have middleware
'django.middleware.clickjacking.XFrameOptionsMiddleware',
that not allowed to load django site to another website using iframe tag. it check SAMEORIGIN when page loaded.
you have
Read full about this topic https://docs.djangoproject.com/en/1.11/ref/clickjacking/
Related
I need to fully load my website inside an iframe, so I deleted clickjacking middleware but after that, I got 403 code status and CSRF exception, how I can fix this to allow load my website inside iframe?
You don't need to fully disable the middleware, you can disable it for a specific view using #xframe_options_exempt.
See: https://docs.djangoproject.com/en/3.2/ref/clickjacking/
I have created a project which is working nicely.
I have a login page, signup page and profile page (as myspace). I just want to add an additional funtionality to my login page which is a user can login using google, fb, or instagram. but when i added the django-allauth to my project. it overwrite the existing login page.
I just want to add an icon of google login. and not the whole page how i can do so.
my login page looks like this earlier and at bottom i added a google icon in which i want to add the functionality of auth app
login pages is looking like this for now
Update:-
what i thought is how django-allauth works, that i just need to add a url in login page with <a href > tag with 'allauth/google' or something like this.
what i see is i need to add a new path in urls.py for allauth which automatically create a login, signup and profile page.
problem which i figure out is
I have an accounts_app app in my project. the url for accounts_app is same as allauth thats why it overwrite the template
url.py of camorid_project
urlpatterns = [
path('', include('camroid_app.urls')),
path('accounts_app/', include('accounts_app.urls')), -----i want to add allauth functionality to this url
path('accounts/', include('allauth.urls')), -------------i don't want to add this because it create an inbuilt templates
path('admin/', admin.site.urls),
]
what i want is i don't want to change login, signup and myspace page and i want to add icon in my login page with google login on click of which a user would be able login to the website.
in your login.html add {% load socialaccount %}
and then <a href="{% provider_login_url 'google' %}"</a>
this link will make you login with google api.
and you can style the button if you wnat..
I have a new Django app with REST endpoints and static html page that triggers XMLHttpRequest REST queries. POSTs fail with "CSRF cookie not set.".
If I open a client debugger, document.cooke returns "". AFAIK, this should have "csrftoken".
In settings.py, MIDDLEWARE_CLASSES contains 'django.middleware.csrf.CsrfViewMiddleware' by default. Any idea what might be wrong?
Add ensure_csrf_cookie decorator to your view.
https://docs.djangoproject.com/en/1.9/ref/csrf/#django.views.decorators.csrf.ensure_csrf_cookie
If that doesn't help you might want to read these docs
https://docs.djangoproject.com/en/1.9/ref/csrf/#ajax
I am working on a project that uses Django and Angular. I do not have a background as a web developer so please try to explain your answer so that a novice person can understand it.
Basically I want to make it so that the login page is the default page instead of the index page.
I currently have the following url handler in my main Django project urls.py:
url(r'^$', 'core.views.generic.index')
I also have another urls.py in an app called core that sends visitors to the login page:
url(r'^/login$', private.MeLogin.as_view())
Now I want the login page to become the default page instead if the index page. How can I do that?
I have tried adding the following the the views file in the core app:
#login_required(redirect_field_name='', login_url='#/login')
def index(request):
return render_to_response('html/index.html', locals(), context_instance=RequestContext(request))
Unfortunately I get the message
This webpage has a redirect loop
I do not know how to solve this problem. Basically I want users to be redirected to the login page if they enter any URL that is not handled by other URL handlers. When they successfully log in they are redirected to a dashboard page automatically.
EDIT:
The login page URL is handled in the core urls.py file and points to a different view than index.
url(r'^/login$', private.MeLogin.as_view())
Web servers, in this case Django, do not see the fragment after the #. You are redirecting from / to /, creating a redirect loop.
If you want to redirect to the Django login url, you need login_url='/login'.
As an aside, you should remove the leading slash from your regex r'^/login$.
In #login_required(redirect_field_name='', login_url='#/login')
remove redirect_field_name='', it really is not neccessary and make sure that #/login in login_url='#/login is the same as in your url.py file:
like
views.py
#login_required(redirect_field_name='', login_url='accounts/login/')
as
url.py
url(r'^accounts/login/', auth_views.login),
I assume your Angular & Django apps are running in two seperate ports, like:
Django on port 8000
Angular on port 1000
So if you give /#/login it will redirect for the same with Django port (8000/#/login).
So why don't you give the full URL www.example.com/#/login?
I have a Django site set up with the home page being home.html. Within home.html is a modal that is set to open automatically a few seconds after the home page loads. Within the modal is an iframe that should display template1.html. However when the modal comes up I have a 404 and I'm told the page didn't match the url patterns I defined. I'm not entirely sure where or how I go about getting template1.html to display in the iframe. The user isn't clicking on the main page to bring up a new template, which is how I'm familiar with using Django. Do I need to create another url pattern or view to achieve this or am I way off? Here are my files:
urls.py:
from django.conf.urls.defaults import patterns, url
from disease import views
urlpatterns = patterns('',
url(r'^$', views.home, name='disease_home'),
url(r'^disease/(?P<pk>\d+)/$', 'disease.views.disease', name='disease_disease'),
url(r'^treatment/(?P<pk>\d+)$', views.treatment, name='disease_treatment'),
home.html modal:
<div id="challengeModal" class="reveal-modal xlarge">
< iframe seamless scrolling="no" src="challenge1.html" name="challenge1"
id="challenge1"></iframe>
< /div>
views.py:
def home(request):
return render(request, "disease/home.html")`
Other views return the second template, template2.html, based on actions in template1.html
Thanks!
The short answer is Yes, you'll need both another url pattern AND a view for your iframe. An iframe is pretty much treated like an embedded browser window, it will make its own request to the server.
iframe src is just a url to a resource.
For example you could load your treatment page into it using
<iframe src="/treatment/1/"></iframe>
You will need to create a view to serve your challenge1.html template and an url to route to that view