add X_FRAME_OPTIONS env

Author: versun

config/settings.py

@@ -20,7 +20,7 @@
 DEMO = os.environ.get("DEMO") == "1"
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
-
+X_FRAME_OPTIONS = os.environ.get('X_FRAME_OPTIONS', 'DENY')
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/

templates/admin/base_site.html

@@ -1,7 +1,4 @@
-{% extends "admin/base_site.html" %}
-
-{% block extrahead %}
-{{ block.super }}
+{% extends "admin/base_site.html" %} {% block extrahead %} {{ block.super }}
 <style>
     .svg-icon {
         width: 1em;
@@ -32,55 +29,66 @@
 </style>
 <script>
     function checkUpdate() {
-        const versionElement = document.querySelector('#footer [data-version]');
-        const currentVersion = versionElement ? versionElement.getAttribute('data-version') : null;
-        const updateButton = document.getElementById('update-button');
-        const updateStatus = document.getElementById('update-status');
+        const versionElement = document.querySelector("#footer [data-version]");
+        const currentVersion = versionElement
+            ? versionElement.getAttribute("data-version")
+            : null;
+        const updateButton = document.getElementById("update-button");
+        const updateStatus = document.getElementById("update-status");
 
         if (!currentVersion) {
-            updateStatus.textContent = ' Unable to get current version';
+            updateStatus.textContent = " Unable to get current version";
             return;
         }
 
-        updateButton.classList.add('rotating');
-        updateStatus.textContent = ' Checking...';
+        updateButton.classList.add("rotating");
+        updateStatus.textContent = " Checking...";
 
-        fetch('https://api.github.com/repos/rss-translator/RSS-Translator/releases/latest')
-            .then(response => {
+        fetch(
+            "https://api.github.com/repos/rss-translator/RSS-Translator/releases/latest",
+        )
+            .then((response) => {
                 if (!response.ok) {
-                    throw new Error('Network error');
+                    throw new Error("Network error");
                 }
                 return response.json();
             })
-            .then(data => {
+            .then((data) => {
                 const latestVersion = data.tag_name;
                 if (latestVersion !== currentVersion) {
                     updateStatus.innerHTML = ` <a href="${data.html_url}" target="_blank">Update available (${latestVersion})</a>`;
                 } else {
-                    updateStatus.textContent = ' Up to date';
+                    updateStatus.textContent = " Up to date";
                 }
             })
-            .catch(error => {
-                console.error('Update check failed:', error);
-                updateStatus.textContent = ' Check Failed';
+            .catch((error) => {
+                console.error("Update check failed:", error);
+                updateStatus.textContent = " Check Failed";
             })
             .finally(() => {
-                updateButton.classList.remove('rotating');
+                updateButton.classList.remove("rotating");
             });
     }
 </script>
-{% endblock %}
-
-{% block footer %}
-<div id="footer" style="text-align: center;">
-    <a href="https://rsstranslator.com" title="RSS Translator">RSS Translator</a> ·
-    <a href="https://afdian.com/a/versun" title="Donate">Donate</a> ·
-    Version: <span data-version="2025.5.13">2025.5.13</span>
-    <svg id="update-button" class="svg-icon" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg"
-        onclick="checkUpdate()">
+{% endblock %} {% block footer %}
+<div id="footer" style="text-align: center">
+    <a href="https://rsstranslator.com" title="RSS Translator"
+        >RSS Translator</a
+    >
+    · <a href="https://afdian.com/a/versun" title="Donate">Donate</a> · Version:
+    <span data-version="2025.5.24">2025.5.24</span>
+    <svg
+        id="update-button"
+        class="svg-icon"
+        viewBox="0 0 1024 1024"
+        version="1.1"
+        xmlns="http://www.w3.org/2000/svg"
+        onclick="checkUpdate()"
+    >
         <title>Check Updates</title>
         <path
-            d="M783.568 328C724.571 241.095 624.953 184 512 184c-181.15 0-328 146.85-328 328h-72c0-220.914 179.086-400 400-400 135.738 0 255.685 67.611 328 170.994V128c0-8.837 7.163-16 16-16h48a8 8 0 0 1 8 8v248c0 17.673-14.327 32-32 32H632a8 8 0 0 1-8-8v-48c0-8.837 7.163-16 16-16h143.568zM240.432 696C299.429 782.905 399.047 840 512 840c181.15 0 328-146.85 328-328h72c0 220.914-179.086 400-400 400-135.738 0-255.685-67.611-328-170.994V896c0 8.837-7.163 16-16 16h-48a8 8 0 0 1-8-8V656c0-17.673 14.327-32 32-32h248a8 8 0 0 1 8 8v48c0 8.837-7.163 16-16 16H240.432z" />
+            d="M783.568 328C724.571 241.095 624.953 184 512 184c-181.15 0-328 146.85-328 328h-72c0-220.914 179.086-400 400-400 135.738 0 255.685 67.611 328 170.994V128c0-8.837 7.163-16 16-16h48a8 8 0 0 1 8 8v248c0 17.673-14.327 32-32 32H632a8 8 0 0 1-8-8v-48c0-8.837 7.163-16 16-16h143.568zM240.432 696C299.429 782.905 399.047 840 512 840c181.15 0 328-146.85 328-328h72c0 220.914-179.086 400-400 400-135.738 0-255.685-67.611-328-170.994V896c0 8.837-7.163 16-16 16h-48a8 8 0 0 1-8-8V656c0-17.673 14.327-32 32-32h248a8 8 0 0 1 8 8v48c0 8.837-7.163 16-16 16H240.432z"
+        />
     </svg>
     <span id="update-status"></span>
 </div>