From 919cdeae200f670e2b4c51f3d09feca8a8ab4bf6 Mon Sep 17 00:00:00 2001
From: feng <1304903146@qq.com>
Date: Tue, 25 Feb 2025 19:12:18 +0800
Subject: [PATCH] perf: report to iframe

---
 apps/accounts/api/automations/base.py           | 3 ++-
 apps/accounts/api/automations/gather_account.py | 2 ++
 apps/i18n/lina/en.json                          | 3 +--
 apps/i18n/lina/zh.json                          | 2 +-
 4 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/apps/accounts/api/automations/base.py b/apps/accounts/api/automations/base.py
index bc897f9c1..e316b7d2f 100644
--- a/apps/accounts/api/automations/base.py
+++ b/apps/accounts/api/automations/base.py
@@ -1,6 +1,7 @@
 from django.http import HttpResponse
 from django.shortcuts import get_object_or_404
 from django.utils.translation import gettext_lazy as _
+from django.views.decorators.clickjacking import xframe_options_sameorigin
 from rest_framework import status, mixins, viewsets
 from rest_framework.decorators import action
 from rest_framework.response import Response
@@ -115,9 +116,9 @@ class AutomationExecutionViewSet(
         )
         return Response({'task': task.id}, status=status.HTTP_201_CREATED)
 
+    @xframe_options_sameorigin
     @action(methods=['get'], detail=True, url_path='report')
     def report(self, request, *args, **kwargs):
         execution = self.get_object()
         report = execution.manager.gen_report()
         return HttpResponse(report)
-
diff --git a/apps/accounts/api/automations/gather_account.py b/apps/accounts/api/automations/gather_account.py
index 49f38d028..1201d1c5e 100644
--- a/apps/accounts/api/automations/gather_account.py
+++ b/apps/accounts/api/automations/gather_account.py
@@ -2,6 +2,7 @@
 #
 from django.http import HttpResponse
 from django.shortcuts import get_object_or_404
+from django.views.decorators.clickjacking import xframe_options_sameorigin
 from rest_framework import status
 from rest_framework.decorators import action
 from rest_framework.response import Response
@@ -48,6 +49,7 @@ class DiscoverAccountsExecutionViewSet(AutomationExecutionViewSet):
         queryset = queryset.filter(automation__type=self.tp)
         return queryset
 
+    @xframe_options_sameorigin
     @action(methods=["get"], detail=False, url_path="adhoc")
     def adhoc(self, request, *args, **kwargs):
         asset_id = request.query_params.get("asset_id")
diff --git a/apps/i18n/lina/en.json b/apps/i18n/lina/en.json
index 6e09c2e86..23b026137 100644
--- a/apps/i18n/lina/en.json
+++ b/apps/i18n/lina/en.json
@@ -20,8 +20,7 @@
     "AccountDeleteConfirmMsg": "Delete account, continue?",
     "AccountDeleted": "Account deleted",
     "AccountDiscoverDetail": "Gather account details",
-    "AccountDiscoverList": "Discover accounts",
-    "AccountDiscoverTask": "Discover accounts tasks",
+    "AccountDiscover": "Discover accounts",
     "AccountDiscoverTaskCreate": "Create discover accounts task",
     "AccountDiscoverTaskUpdate": "Update the discover accounts task",
     "AccountExportTips": "The exported information contains sensitive information such as encrypted account numbers. the exported format is an encrypted zip file (if you have not set the encryption password, please go to personal info to set the file encryption password).",
diff --git a/apps/i18n/lina/zh.json b/apps/i18n/lina/zh.json
index 75b5237a2..0020678e6 100644
--- a/apps/i18n/lina/zh.json
+++ b/apps/i18n/lina/zh.json
@@ -18,7 +18,7 @@
     "AccountData": "账号数据",
     "AccountDeleteConfirmMsg": "删除账号，是否继续？",
     "AccountDeleted": "账号删除",
-    "AccountDiscoverTask": "账号发现",
+    "AccountDiscover": "账号发现",
     "AccountExportTips": "导出信息中包含账号密文涉及敏感信息，导出的格式为一个加密的zip文件（若没有设置加密密码，请前往个人信息中设置文件加密密码）。",
     "AccountList": "账号",
     "AccountPolicy": "账号策略",