fix: Don't use django-cookies-samesite on Django > 3.1
BOM-2752
This commit is contained in:
Awais Qureshi
@@ -3,13 +3,15 @@ Unit Tests for Utils Class
|
||||
"""
|
||||
|
||||
|
||||
import importlib
|
||||
from importlib.metadata import version
|
||||
from unittest import TestCase
|
||||
|
||||
import ddt
|
||||
import django
|
||||
from django.conf import settings
|
||||
from opaque_keys.edx.keys import CourseKey, UsageKey
|
||||
|
||||
from lms.djangoapps.utils import _get_key
|
||||
|
||||
|
||||
@ddt.ddt
|
||||
class UtilsTests(TestCase): # lint-amnesty, pylint: disable=missing-class-docstring
|
||||
@@ -27,3 +29,19 @@ class UtilsTests(TestCase): # lint-amnesty, pylint: disable=missing-class-docst
|
||||
@ddt.unpack
|
||||
def test_get_key(self, input_key, output_key, key_cls):
|
||||
assert _get_key(input_key, key_cls) == output_key
|
||||
|
||||
def test_same_site_cookie_version(self):
|
||||
"""
|
||||
Make sure with django (2.2 or 3.0) django_cookies_samesite settings enabled.
|
||||
For greater version django_cookies_samesite not required.
|
||||
"""
|
||||
self.assertTrue(hasattr(settings, 'DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL'))
|
||||
self.assertTrue(hasattr(settings, 'DCS_SESSION_COOKIE_SAMESITE'))
|
||||
|
||||
if django.VERSION >= (3, 1):
|
||||
self.assertNotIn('django_cookies_samesite.middleware.CookiesSameSite' in settings.MIDDLEWARE)
|
||||
with self.assertRaises(importlib.metadata.PackageNotFoundError):
|
||||
version('django-cookies-samesite')
|
||||
else:
|
||||
self.assertTrue(version('django-cookies-samesite'))
|
||||
self.assertIn('django_cookies_samesite.middleware.CookiesSameSite' in settings.MIDDLEWARE)
|
||||
|
||||
@@ -32,6 +32,7 @@ import importlib.util
|
||||
import sys
|
||||
import os
|
||||
|
||||
import django
|
||||
from corsheaders.defaults import default_headers as corsheaders_default_headers
|
||||
from path import Path as path
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
@@ -2124,6 +2125,13 @@ MIDDLEWARE = [
|
||||
'openedx.core.djangoapps.site_configuration.middleware.SessionCookieDomainOverrideMiddleware',
|
||||
]
|
||||
|
||||
if django.VERSION >= (3, 1):
|
||||
# Avoid issue with https://blog.heroku.com/chrome-changes-samesite-cookie
|
||||
# Override was found here https://github.com/django/django/pull/11894
|
||||
MIDDLEWARE.remove(
|
||||
'django_cookies_samesite.middleware.CookiesSameSite'
|
||||
)
|
||||
|
||||
# Clickjacking protection can be disbaled by setting this to 'ALLOW'
|
||||
X_FRAME_OPTIONS = 'DENY'
|
||||
|
||||
|
||||
2
requirements/edx/django32.txt
Normal file
2
requirements/edx/django32.txt
Normal file
@@ -0,0 +1,2 @@
|
||||
Django>=3.2,<3.3
|
||||
|
||||
8
tox.ini
8
tox.ini
@@ -67,10 +67,10 @@ passenv =
|
||||
XDIST_WORKER_SECURITY_GROUP
|
||||
XDIST_WORKER_SUBNET
|
||||
deps =
|
||||
django22: Django>=2.2,<2.3
|
||||
django30: Django>=3.0,<3.1
|
||||
django31: Django>=3.1,<3.2
|
||||
django32: Django>=3.2,<4.0
|
||||
django22: requirements/edx/django.txt
|
||||
django30: requirements/edx/django30.txt
|
||||
django31: requirements/edx/django31.txt
|
||||
django32: requirements/edx/django32.txt
|
||||
-r requirements/edx/testing.txt
|
||||
whitelist_externals =
|
||||
/bin/bash
|
||||
|
||||
Reference in New Issue
Block a user