Solution 1 :

Try adding this to


By default, the X-Frame-Options are set to Deny

This may not be your problem, as there are many things that could be causing this, such as CSP. Difficult to say for sure without my information.

Solution 2 :

First good to mention the documentation of the django-csp Configuring django-csp

Try to do first what’s bones225 mentioned.
Esure header X-Frame-Options "SAMEORIGIN'; Note, you can check all your current headers in Response Headers in the Web Developer Tools (chrome: Network -> Name -> click on html page -> Headers will open on right side )

You may have directive CSP_DEFAULT_SRC = ("'self'") in place and no CSP_FRAME_SRC set.
Then add CSP_FRAME_SRC = ('localhost:8000') too.

Problem :

The iframe displays that it cannot connect. I’ve tried using the default @xframe_options_exempt decorator on the view, aswell as django-csp’s @csp_exempt to no avail.

The console errors given are:

Refused to display 'http://localhost:8000/new_pull/' in a frame because it set 'X-Frame-Options' to 'deny'.

Failed to load resource: the server responded with a status of 404 (Not Found)


def new_pull(request):
    """Create a new pull request"""

    if request.method != 'POST':
        # No data submitted; create a blank form
        form = PullForm()
        # POST data submitted; process data
        form = PullForm(data=request.POST)
        if form.is_valid():
            new_pull =
            new_pull.owner = request.user

    # Display a blank or invalid form.
    context = {'form': form}
    return render(request, 'learning_logs/new_pull.html', context)


    {% if user.is_authenticated %}

        <iframe src="{% url 'learning_logs:new_pull' %}" title="Pull request Iframe"></iframe>
        <iframe src="learning_logs/new_pull.html" title="Pull request Iframe"></iframe>
    {% endif %}


<div class="pull container text-center border-top mt-5">
    <h5 class="mt-2">Pull request</h5>

    <p>New pull request:</p>
     <form action="{% url 'learning_logs:new_pull' %}" method='post'>
        {% csrf_token %}
        {% bootstrap_form form %}

        {% buttons %}
        <button name="submit" class="btn btn-green pl-2 pr-2">
            <i class="fas fa-plus-circle"></i>
            Create pull
        {% endbuttons %}
        <input type="hidden" name="next"
        value="{% url 'learning_logs:bug_tracker' %}" />



Comment posted by bones225

I believe you are providing the wrong information in your question. This seems like it is an HTML question — not a Django question. I do not think your Python code is relevant here. Instead, post your console error message exactly as written that tells you you cannot load the iframe.

Comment posted by pyknight202

Thanks, I’ve added that into the question.

Comment posted by Alexred

Please post django-csp related values from your


Leave a Reply

Your email address will not be published. Required fields are marked *