Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: remove csrf with scheme settings from edxapp

Browse Source 
See https://github.com/edx/edx-arch-experiments/issues/460 for more
details.
This commit is contained in:
M Umar Khan
2025-05-20 11:30:19 +05:00
committed by Feanil Patel
parent 27c4ea44f2
commit a2eda30488
5 changed files with 3 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cms/envs/common.py
View File

@@ -837,7 +837,6 @@ CSRF_COOKIE_SECURE = False
CROSS_DOMAIN_CSRF_COOKIE_DOMAIN = ''
CROSS_DOMAIN_CSRF_COOKIE_NAME = ''
CSRF_TRUSTED_ORIGINS = []
CSRF_TRUSTED_ORIGINS_WITH_SCHEME = []
#################### CAPA External Code Evaluation #############################
XQUEUE_WAITTIME_BETWEEN_REQUESTS = 5 # seconds

3
cms/envs/production.py
View File

@@ -223,8 +223,7 @@ if 'staticfiles' in CACHES:
# Once we have migrated to service assets off S3, then we can convert this back to
# managed by the yaml file contents
STATICFILES_STORAGE = os.environ.get('STATICFILES_STORAGE', STATICFILES_STORAGE)
CSRF_TRUSTED_ORIGINS = _YAML_TOKENS.get("CSRF_TRUSTED_ORIGINS_WITH_SCHEME", [])
CSRF_TRUSTED_ORIGINS = _YAML_TOKENS.get("CSRF_TRUSTED_ORIGINS", [])
MKTG_URL_LINK_MAP.update(_YAML_TOKENS.get('MKTG_URL_LINK_MAP', {}))

1
lms/envs/common.py
View File

@@ -3374,7 +3374,6 @@ CSRF_COOKIE_AGE = 60 * 60 * 24 * 7 * 52
# end users
CSRF_COOKIE_SECURE = False
CSRF_TRUSTED_ORIGINS = []
CSRF_TRUSTED_ORIGINS_WITH_SCHEME = []
# If setting a cross-domain cookie, it's really important to choose
# a name for the cookie that is DIFFERENT than the cookies used

2
lms/envs/production.py
View File

@@ -127,7 +127,7 @@ BULK_EMAIL_ROUTING_KEY = Derived(lambda settings: settings.HIGH_PRIORITY_QUEUE)
BULK_EMAIL_ROUTING_KEY_SMALL_JOBS = Derived(lambda settings: settings.DEFAULT_PRIORITY_QUEUE)
CC_MERCHANT_NAME = Derived(lambda settings: settings.PLATFORM_NAME)
CREDENTIALS_GENERATION_ROUTING_KEY = Derived(lambda settings: settings.DEFAULT_PRIORITY_QUEUE)
CSRF_TRUSTED_ORIGINS = Derived(lambda settings: settings.CSRF_TRUSTED_ORIGINS_WITH_SCHEME)
CSRF_TRUSTED_ORIGINS = Derived(lambda settings: settings.CSRF_TRUSTED_ORIGINS)
DEFAULT_ENTERPRISE_API_URL = Derived(
lambda settings: (
None if settings.LMS_INTERNAL_ROOT_URL is None

10
lms/envs/test.py
View File

@@ -18,7 +18,6 @@ from collections import OrderedDict
from uuid import uuid4
import openid.oidutil
import django
from django.utils.translation import gettext_lazy
from edx_django_utils.plugins import add_plugins
from path import Path as path
@@ -646,14 +645,7 @@ SURVEY_REPORT_CHECK_THRESHOLD = 6
SURVEY_REPORT_ENABLE = True
ANONYMOUS_SURVEY_REPORT = False
CSRF_TRUSTED_ORIGINS = ['.example.com']
CSRF_TRUSTED_ORIGINS_WITH_SCHEME = ['https://*.example.com']
# values are already updated above with default CSRF_TRUSTED_ORIGINS values but in
# case of new django version these values will override.
if django.VERSION[0] >= 4: # for greater than django 3.2 use with schemes.
CSRF_TRUSTED_ORIGINS = CSRF_TRUSTED_ORIGINS_WITH_SCHEME
CSRF_TRUSTED_ORIGINS = ['https://*.example.com']
############## Settings for JWT token handling ##############
TOKEN_SIGNING = {