Book Image

Learn Web Development with Python

By : Fabrizio Romano, Gaston C. Hillar, Arun Ravindran
Book Image

Learn Web Development with Python

By: Fabrizio Romano, Gaston C. Hillar, Arun Ravindran

Overview of this book

If you want to develop complete Python web apps with Django, this Learning Path is for you. It will walk you through Python programming techniques and guide you in implementing them when creating 4 professional Django projects, teaching you how to solve common problems and develop RESTful web services with Django and Python. You will learn how to build a blog application, a social image bookmarking website, an online shop, and an e-learning platform. Learn Web Development with Python will get you started with Python programming techniques, show you how to enhance your applications with AJAX, create RESTful APIs, and set up a production environment for your Django projects. Last but not least, you’ll learn the best practices for creating real-world applications. By the end of this Learning Path, you will have a full understanding of how Django works and how to use it to build web applications from scratch. This Learning Path includes content from the following Packt products: • Learn Python Programming by Fabrizio Romano • Django RESTful Web Services by Gastón C. Hillar • Django Design Patterns and Best Practices by Arun Ravindran
Table of Contents (33 chapters)
Title Page
About Packt


Clickjacking is a means of misleading a user to click on a hidden link or button in the browser when they were intending to click on something else.

This is typically implemented using an invisible IFRAME that contains the target website over a dummy web page (shown here) that the user is likely to click on:

Since the action button in the invisible frame would be aligned exactly above the button in the dummy page, the user's click will perform an action on the target website instead.

How Django helps

Django protects your site from clickjacking using middleware that can be fine-tuned using several decorators. By default, this django.middleware.clickjacking.XFrameOptionsMiddleware middleware will be included in your MIDDLEWARE_CLASSES within your settings file. It works by setting the X-Frame-Options header to SAMEORIGIN for every outgoing HttpResponse.

Most modern browsers recognize the header, which means that this page should not be inside a frame in other domains. The protection...