Reputation: 153
I was using Django 2.2 up till now and I recently tried upgrading to Django 3.2.
We use a website live chat plugin called tawk.to which works by embedding an iframe to our page with the chat option in there.
However, after upgrading to Django 3.2, even though the plugin's JS code is loading, the iframe is missing from the website altogether.
I am not sure what is causing the issue. Is the iframe blocked in Django 3.2 or do I have to enable any setting for it?
Upvotes: 2
Views: 444
Reputation: 153
I found the answer after going deep into the Django files. Add this to your settings.py file.
SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"  # when using other websites that track visitors or use their iframe on your website.
X_FRAME_OPTIONS = 'SAMEORIGIN'  # Necessary to show iframe from your own server (such as PDFs on your website)
Upvotes: 0
Reputation: 31
There are security updates added in Django 3.2 which do not allow other frames. Refer to https://docs.djangoproject.com/en/3.2/ref/clickjacking/#preventing-clickjacking.
You should change X_FRAME_OPTIONS = 'SAMEORIGIN' as explained in https://docs.djangoproject.com/en/3.2/ref/clickjacking/#how-to-use-it
Upvotes: 2
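What each `SECURE_REFERRER_POLICY` value makes a browser send in the `Referer` header to a third-party origin, as an added example that is not part of the original posts; it goes beyond the single value in the answer above and covers all eight standard Referrer-Policy values. The page and widget URLs are constructed, and a "downgrade" is simplified to an HTTPS page requesting a non-HTTPS URL.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port) tuple, with the scheme's default port filled in."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))

def origin_only(url):
    """Origin form of the referrer, e.g. https://shop.example/"""
    scheme, host, port = origin(url)
    hostport = host if DEFAULT_PORTS.get(scheme) == port else f"{host}:{port}"
    return f"{scheme}://{hostport}/"

def full_url(url):
    """Full form of the referrer: credentials and fragment are dropped."""
    p = urlsplit(url)
    query = f"?{p.query}" if p.query else ""
    return origin_only(url).rstrip("/") + (p.path or "/") + query

def referer_sent(policy, page_url, request_url):
    """Referer a browser attaches to request_url when page_url issues it,
    or None when the header is omitted."""
    same = origin(page_url) == origin(request_url)
    # Simplification (assumption): a downgrade is HTTPS page -> non-HTTPS target.
    downgrade = (urlsplit(page_url).scheme == "https"
                 and urlsplit(request_url).scheme != "https")
    full, short = full_url(page_url), origin_only(page_url)
    rules = {
        "no-referrer": None,
        "unsafe-url": full,
        "origin": short,
        "same-origin": full if same else None,  # Django 3.1+ default
        "strict-origin": None if downgrade else short,
        "origin-when-cross-origin": full if same else short,
        "no-referrer-when-downgrade": None if downgrade else full,
        "strict-origin-when-cross-origin":
            full if same else (None if downgrade else short),
    }
    if policy not in rules:
        raise ValueError(f"unknown Referrer-Policy: {policy}")
    return rules[policy]

# Constructed sample URLs: a page on your site and a third-party widget script.
PAGE = "https://shop.example/account/orders?id=7#top"
WIDGET = "https://chat-widget.example/embed.js"

if __name__ == "__main__":
    for policy in ("same-origin", "strict-origin-when-cross-origin"):
        print(policy, "->", referer_sent(policy, PAGE, WIDGET))
```

With `strict-origin-when-cross-origin` the third party learns only the site's origin, never the path or query string of the page the visitor is on.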