From 33edc71dc1c8e1e8807b04154ffaa3a712846aba Mon Sep 17 00:00:00 2001
From: Waheed Ahmed <waheed.ahmed@arbisoft.com>
Date: Tue, 31 Jul 2018 18:39:06 +0500
Subject: [PATCH] Exempt render_xblock from xfram options.

Exempt render_xblock from xfram options otherwise, mobile apps, LTI
and other apps that iFrame our course-blocks won't work.

LEARNER-6002
---
 lms/djangoapps/courseware/views/views.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lms/djangoapps/courseware/views/views.py b/lms/djangoapps/courseware/views/views.py
index 301b6a94a15..3ed0f3223ee 100644
--- a/lms/djangoapps/courseware/views/views.py
+++ b/lms/djangoapps/courseware/views/views.py
@@ -23,6 +23,7 @@ from django.utils.http import urlquote_plus
 from django.utils.text import slugify
 from django.utils.translation import ugettext as _
 from django.views.decorators.cache import cache_control
+from django.views.decorators.clickjacking import xframe_options_exempt
 from django.views.decorators.csrf import ensure_csrf_cookie
 from django.views.decorators.http import require_GET, require_http_methods, require_POST
 from django.views.generic import View
@@ -1445,6 +1446,7 @@ def _track_successful_certificate_generation(user_id, course_id):  # pylint: dis
 
 @require_http_methods(["GET", "POST"])
 @ensure_valid_usage_key
+@xframe_options_exempt
 def render_xblock(request, usage_key_string, check_if_enrolled=True):
     """
     Returns an HttpResponse with HTML content for the xBlock with the given usage_key.
-- 
GitLab