From 83efb05c6c40ca9cc51e58075c3fa19e387960a8 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Evrard Date: Mon, 9 Jan 2017 09:00:55 +0000 Subject: [PATCH] Make possible to use embed iframes Because horizon local settings cannot use config_template, we have to maintain the features possible in the template ourselves. This adds the possibility to allow/deny the use of embedded iframes. Change-Id: I12470ac156a433eee795b4090b21d106418ecd5a --- .../horizon_disallow_iframe_embed-8c115e431b812655.yaml | 6 ++++++ templates/horizon_local_settings.py.j2 | 4 ++++ 2 files changed, 10 insertions(+) create mode 100644 releasenotes/notes/horizon_disallow_iframe_embed-8c115e431b812655.yaml diff --git a/releasenotes/notes/horizon_disallow_iframe_embed-8c115e431b812655.yaml b/releasenotes/notes/horizon_disallow_iframe_embed-8c115e431b812655.yaml new file mode 100644 index 00000000..42079109 --- /dev/null +++ b/releasenotes/notes/horizon_disallow_iframe_embed-8c115e431b812655.yaml @@ -0,0 +1,6 @@ +--- +features: + - It's now possible to change the behavior of + ``DISALLOW_IFRAME_EMBED`` by defining the variable + ``horizon_disallow_iframe_embed`` in the user + variables. diff --git a/templates/horizon_local_settings.py.j2 b/templates/horizon_local_settings.py.j2 index 85a1b3fc..ee885961 100644 --- a/templates/horizon_local_settings.py.j2 +++ b/templates/horizon_local_settings.py.j2 @@ -725,7 +725,11 @@ REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES', # where iframes are not used in deployment. Default setting is True. # For more information see: # http://tinyurl.com/anticlickjack +{% if horizon_disallow_iframe_embed is defined %} +DISALLOW_IFRAME_EMBED = {{ horizon_disallow_iframe_embed }} +{% else %} #DISALLOW_IFRAME_EMBED = True +{% endif %} # The default date range in the Overview panel meters - either minus N # days (if the value is integer N), or from the beginning of the current month