Try adding this to settings.py:
X_FRAME_OPTIONS = 'SAMEORIGIN'
By default, the X-Frame-Options header is set to Deny.
https://docs.djangoproject.com/en/3.0/ref/clickjacking/
This may not be your problem, as there are many things that could be causing this, such as CSP. Difficult to say for sure without more information.
First, it is good to mention the documentation of django-csp: Configuring django-csp
Try first to do what bones225 mentioned.
Ensure header X-Frame-Options "SAMEORIGIN";
Note, you can check all your current headers in Response Headers in the Web Developer Tools (Chrome: Network -> Name -> click on html page -> Headers will open on right side).
You may have the directive CSP_DEFAULT_SRC = ("'self'") in place and no CSP_FRAME_SRC set.
Then add CSP_FRAME_SRC = ('localhost:8000') too.
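The header check suggested above can also be scripted. The following is an added example, not code from this thread or from django-csp: it takes the response headers of the embedding page and of the framed URL and lists which header would make the browser refuse the frame. The function names and header dictionaries are constructed for illustration, and the source matching is simplified to `*`, `'self'` and plain host[:port] entries, checking only the direct parent.

```python
from urllib.parse import urlsplit

def origin(url):
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}".lower()

def parse_csp(value):
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])  # first occurrence wins
    return policy

def allows(sources, target_url, self_url):
    """Simplified source-list match: *, 'self', host[:port], scheme://host[:port]."""
    target = origin(target_url)
    for src in (s.lower() for s in sources):
        if src == "*" or (src == "'self'" and target == origin(self_url)):
            return True
        if not src.startswith("'") and src in (target, urlsplit(target).netloc):
            return True
    return False  # covers 'none' and an empty source list

def framing_blockers(parent_url, frame_url, parent_headers, frame_headers):
    """Return the reasons a browser would refuse the frame (empty list = allowed)."""
    reasons = []
    # Parent page: frame-src falls back to child-src, then default-src.
    parent_csp = parse_csp(parent_headers.get("Content-Security-Policy", ""))
    for name in ("frame-src", "child-src", "default-src"):
        if name in parent_csp:
            if not allows(parent_csp[name], frame_url, parent_url):
                reasons.append(f"parent CSP {name} blocks {origin(frame_url)}")
            break
    # Framed response: frame-ancestors, when present, replaces X-Frame-Options.
    frame_csp = parse_csp(frame_headers.get("Content-Security-Policy", ""))
    if "frame-ancestors" in frame_csp:
        if not allows(frame_csp["frame-ancestors"], parent_url, frame_url):
            reasons.append(f"frame CSP frame-ancestors blocks {origin(parent_url)}")
    else:
        xfo = frame_headers.get("X-Frame-Options", "").strip().upper()
        same = origin(parent_url) == origin(frame_url)
        if xfo == "DENY" or (xfo == "SAMEORIGIN" and not same):
            reasons.append(f"X-Frame-Options: {xfo}")
    return reasons

# Constructed sample: a same-origin frame whose response sets the header to deny.
PAGE, FRAME = "http://localhost:8000/", "http://localhost:8000/new_pull/"
print(framing_blockers(PAGE, FRAME, {}, {"X-Frame-Options": "deny"}))
```

An empty list means neither the parent's CSP nor the framed response's headers block the frame, so the remaining cause is elsewhere, for example a URL that returns 404.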
The iframe displays that it cannot connect. I’ve tried using the default @xframe_options_exempt decorator on the view, as well as django-csp’s @csp_exempt, to no avail.
The console errors given are:
Refused to display 'http://localhost:8000/new_pull/' in a frame because it set 'X-Frame-Options' to 'deny'.
and
Failed to load resource: the server responded with a status of 404 (Not Found)
view
@csp_exempt
@login_required
def new_pull(request):
    """Create a new pull request"""
    if request.method != 'POST':
        # No data submitted; create a blank form
        form = PullForm()
    else:
        # POST data submitted; process data
        form = PullForm(data=request.POST)
        if form.is_valid():
            new_pull = form.save(commit=False)
            new_pull.owner = request.user
            new_pull.save()
    # Display a blank or invalid form.
    context = {'form': form}
    return render(request, 'learning_logs/new_pull.html', context)
base.html
{% if user.is_authenticated %}
    <br>
    <iframe src="{% url 'learning_logs:new_pull' %}" title="Pull request Iframe"></iframe>
    <iframe src="learning_logs/new_pull.html" title="Pull request Iframe"></iframe>
{% endif %}
new_pull.html
<div class="pull container text-center border-top mt-5">
    <h5 class="mt-2">Pull request</h5>
    <p>New pull request:</p>
    <form action="{% url 'learning_logs:new_pull' %}" method='post'>
        {% csrf_token %}
        {% bootstrap_form form %}
        {% buttons %}
            <button name="submit" class="btn btn-green pl-2 pr-2">
                <i class="fas fa-plus-circle"></i>
                Create pull
            </button>
        {% endbuttons %}
        <input type="hidden" name="next"
               value="{% url 'learning_logs:bug_tracker' %}" />
    </form>
</div>
I believe you are providing the wrong information in your question. This seems like it is an HTML question — not a Django question. I do not think your Python code is relevant here. Instead, post your console error message exactly as written that tells you you cannot load the iframe.
Thanks, I’ve added that into the question.