2

I'm trying to implement Facebook login on a site I am building. I have got everything working except for one thing in development. The current X-Frame-Options header is set to sameorigin which means it won't allow Facebook login to be embedded in my website.

I want to add this header to all responses sent by Flask to the browser:

X-Frame-Options: allow-from https://www.facebook.com/

Can anyone point me in the right direction please as to how to do this?

I thought middleware might be an option, but I'm not sure if there is a better option or not?

Cromulent
  • 3,788
  • 4
  • 31
  • 41
  • 1
    Since you should be using a webserver before Flask in production it might be a good idea to set the header there. – Klaus D. Apr 27 '19 at 04:47
  • 1
    You can register a [`after_request`](http://flask.pocoo.org/docs/1.0/api/#flask.Flask.after_request) function to insert the header. – Tomáš Linhart Apr 27 '19 at 05:22
  • @KlausD.I will do when I am running in production, but for development, I need to set the header so I can test Facebook login. – Cromulent Apr 27 '19 at 07:05
  • @TomášLinhart Thank you. That looks exactly what I want. – Cromulent Apr 27 '19 at 07:06
  • not sure I undersant thie answer by @ThomasLinhart, couple of useful links. https://stackoverflow.com/questions/25860304/how-do-i-set-response-headers-in-flask https://medium.com/innovation-incubator/flask-before-and-after-request-decorators-e639b06c2128 – CodingMatters Jun 01 '22 at 01:28

0 Answers0