[1.8.x] Fixed #24896 -- Doc'd clickjacking protection doesn't overwrite X-Frame-Options header.

Backport of 0b5fb8e72c74e41d250f35c8c3df3f3a13d367f3 from master
2025-01-22 16:19:35 +00:00 · 2015-06-02 14:11:01 +10:00 · 2015-06-02 14:11:01 +10:00 · 3b41850adc
commit 3b41850adc
parent aefa3a6a03
1 changed files with 3 additions and 0 deletions
--- a/docs/ref/clickjacking.txt
+++ b/docs/ref/clickjacking.txt
@ -45,6 +45,9 @@ site:
 2. A set of view decorators that can be used to override the middleware or to
   only set the header for certain views.

+The ``X-Frame-Options`` HTTP header will only be set by the middleware or view
+decorators if it is not already present in the response.
+
 How to use it
 =============