Yash Mittra

Reputation: 153

Iframe stops working after upgrading to Django 3.2 LTS

I was using Django 2.2 up till now and I recently tried upgrading to Django 3.2.

We use a website live chat plugin called tawk.to which works by embedding an iframe to our page with the chat option in there.

However, after upgrading to Django 3.2, even though the plugin's JS code is loading, the iframe is missing from the website altogether.

I am not sure what is causing the issue. Is the iframe blocked in Django 3.2 or do I have to enable any setting for it?

Upvotes: 2

Views: 444

Answers (2)

Yash Mittra

Reputation: 153

I found the answer after going deep into the Django files. Add this to your settings.py file.

SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"  # when using other websites that track visitors or use their iframe on your website.
X_FRAME_OPTIONS = 'SAMEORIGIN' # Necessary to show Iframe from your own server (such as PDFs on your website)

Upvotes: 0
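
Added example, not part of the answer above and not Django's own code: a simplified model of how a browser applies the two headers these settings control. It shows that SECURE_REFERRER_POLICY decides what Referer a third-party widget receives, while X_FRAME_OPTIONS only governs whether your own responses may be framed. The function names are hypothetical and the URLs are constructed.

```python
from urllib.parse import urlsplit

def origin(url):
    """scheme://host[:port] of a URL, lower-cased, credentials dropped."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc.rpartition('@')[2]}".lower()

def referer_sent(policy, page_url, request_url):
    """Referer a browser attaches to a request from page_url to request_url
    under Referrer-Policy `policy`; None means the header is omitted."""
    p = urlsplit(page_url)
    # Fragments and credentials are never sent in a Referer.
    full = origin(page_url) + (p.path or "/") + (f"?{p.query}" if p.query else "")
    org = origin(page_url) + "/"
    same = origin(page_url) == origin(request_url)
    # Simplification: "downgrade" means https page -> non-https request.
    downgrade = p.scheme == "https" and urlsplit(request_url).scheme != "https"
    table = {
        "no-referrer": None,
        "same-origin": full if same else None,      # Django default since 3.1
        "origin": org,
        "strict-origin": None if downgrade else org,
        "origin-when-cross-origin": full if same else org,
        "strict-origin-when-cross-origin":
            full if same else (None if downgrade else org),
        "no-referrer-when-downgrade": None if downgrade else full,
        "unsafe-url": full,
    }
    if policy not in table:
        raise ValueError(f"unknown Referrer-Policy: {policy!r}")
    return table[policy]

def may_be_framed(x_frame_options, framed_url, top_url):
    """Whether the X-Frame-Options value on framed_url's response lets the
    page at top_url embed it (simplified: only the top-level page is checked)."""
    value = (x_frame_options or "").strip().upper()
    if value == "DENY":                              # Django default since 3.0
        return False
    if value == "SAMEORIGIN":
        return origin(framed_url) == origin(top_url)
    return True  # header absent or unrecognised: no restriction applied

if __name__ == "__main__":
    page = "https://shop.example/checkout?order=1234#pay"   # constructed
    widget = "https://chat-widget.example/embed.js"         # constructed
    for policy in ("same-origin", "strict-origin-when-cross-origin"):
        print(policy, "->", referer_sent(policy, page, widget))
    for xfo in ("DENY", "SAMEORIGIN"):
        print(xfo, "->", may_be_framed(xfo, "https://shop.example/terms.pdf", page))
```

With "strict-origin-when-cross-origin" the third party learns only the site's origin, not the path or query string of the page the visitor is on.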

Sanjiv

Reputation: 31

There are security updates added in Django 3.2 which do not allow other frames. Refer to https://docs.djangoproject.com/en/3.2/ref/clickjacking/#preventing-clickjacking.

You should change X_FRAME_OPTIONS = 'SAMEORIGIN' as explained in https://docs.djangoproject.com/en/3.2/ref/clickjacking/#how-to-use-it

Upvotes: 2
