From 4a19bd1971bf0491e2d73bf857edb7d1b85dcf42 Mon Sep 17 00:00:00 2001
From: PCoder <purple.coder@yahoo.co.uk>
Date: Wed, 18 Jul 2018 21:48:39 +0200
Subject: [PATCH] Set X_FRAME_OPTIONS from env

---
 dynamicweb/settings/base.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/dynamicweb/settings/base.py b/dynamicweb/settings/base.py
index 75dfaa73..d526881f 100644
--- a/dynamicweb/settings/base.py
+++ b/dynamicweb/settings/base.py
@@ -702,6 +702,12 @@ if ENABLE_LOGGING:
 TEST_MANAGE_SSH_KEY_PUBKEY = env('TEST_MANAGE_SSH_KEY_PUBKEY')
 TEST_MANAGE_SSH_KEY_HOST = env('TEST_MANAGE_SSH_KEY_HOST')
 
+X_FRAME_OPTIONS_ALLOW_FROM_URI = env('X_FRAME_OPTIONS_ALLOW_FROM_URI')
+X_FRAME_OPTIONS = ('SAMEORIGIN' if X_FRAME_OPTIONS_ALLOW_FROM_URI is None else
+                   'ALLOW-FROM {}'.format(
+                       X_FRAME_OPTIONS_ALLOW_FROM_URI.strip()
+                   ))
+
 DEBUG = bool_env('DEBUG')
 
 if DEBUG: