header data render_to_response to include X-Frame-Options ALLOWALL

Question

I want to add X-Frame-Options ALLOWALL to the header of some page (for some remote ajax calls).

My view is simple, something like this:

def info(request):    
    return render_to_response("info.html",
                               locals(),
                               context_instance=RequestContext(request))

How can I modify the header content?

Answer 1

Instead of using render_to_response(), use render()

def info(request):
    data = render(request, 'info.html')
    response = HttpResponse(data)
    response['X-Frame-Options'] = "ALLOWALL"
    return response

And there's also the global setting. To use it, add this to Middleware: 'django.middleware.clickjacking.XFrameOptionsMiddleware', and add to the settings X-Frame-Options = 'ALLOWALL' , however that is usually not a good idea unless you know exactly what you're doing.