diff --git a/cms/envs/common.py b/cms/envs/common.py index 1667e375d3..5dd3d70cdd 100644 --- a/cms/envs/common.py +++ b/cms/envs/common.py @@ -837,7 +837,6 @@ CSRF_COOKIE_SECURE = False CROSS_DOMAIN_CSRF_COOKIE_DOMAIN = '' CROSS_DOMAIN_CSRF_COOKIE_NAME = '' CSRF_TRUSTED_ORIGINS = [] -CSRF_TRUSTED_ORIGINS_WITH_SCHEME = [] #################### CAPA External Code Evaluation ############################# XQUEUE_WAITTIME_BETWEEN_REQUESTS = 5 # seconds diff --git a/cms/envs/production.py b/cms/envs/production.py index 582130ff7b..4ba05e1ab4 100644 --- a/cms/envs/production.py +++ b/cms/envs/production.py @@ -223,8 +223,7 @@ if 'staticfiles' in CACHES: # Once we have migrated to service assets off S3, then we can convert this back to # managed by the yaml file contents STATICFILES_STORAGE = os.environ.get('STATICFILES_STORAGE', STATICFILES_STORAGE) - -CSRF_TRUSTED_ORIGINS = _YAML_TOKENS.get("CSRF_TRUSTED_ORIGINS_WITH_SCHEME", []) +CSRF_TRUSTED_ORIGINS = _YAML_TOKENS.get("CSRF_TRUSTED_ORIGINS", []) MKTG_URL_LINK_MAP.update(_YAML_TOKENS.get('MKTG_URL_LINK_MAP', {})) diff --git a/lms/envs/common.py b/lms/envs/common.py index 0114bc249c..ce3ce6ca63 100644 --- a/lms/envs/common.py +++ b/lms/envs/common.py @@ -3374,7 +3374,6 @@ CSRF_COOKIE_AGE = 60 * 60 * 24 * 7 * 52 # end users CSRF_COOKIE_SECURE = False CSRF_TRUSTED_ORIGINS = [] -CSRF_TRUSTED_ORIGINS_WITH_SCHEME = [] # If setting a cross-domain cookie, it's really important to choose # a name for the cookie that is DIFFERENT than the cookies used diff --git a/lms/envs/production.py b/lms/envs/production.py index b44b1078bf..2587e38836 100644 --- a/lms/envs/production.py +++ b/lms/envs/production.py 
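Review bot: In cms/envs/production.py the new `_YAML_TOKENS.get("CSRF_TRUSTED_ORIGINS", [])` reads a key that existing deployment configs may still fill with scheme-less hosts (the `.example.com` form this commit removes from lms/envs/test.py), while their scheme-qualified list sits under the now-ignored `CSRF_TRUSTED_ORIGINS_WITH_SCHEME` key. Django 4.0 and later require every entry to start with a scheme, so such a config would fail the system check or stop trusting the intended origins, with nothing pointing the operator at the renamed key. I would add a guard right after the assignment, for example `if "CSRF_TRUSTED_ORIGINS_WITH_SCHEME" in _YAML_TOKENS: raise ImproperlyConfigured("CSRF_TRUSTED_ORIGINS_WITH_SCHEME was removed; move its values to CSRF_TRUSTED_ORIGINS")`, assuming `ImproperlyConfigured` is already imported in this file. How `_YAML_TOKENS` is loaded is outside the hunk, so confirm the key lookup behaves as it appears to here.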
@@ -127,7 +127,7 @@ BULK_EMAIL_ROUTING_KEY = Derived(lambda settings: settings.HIGH_PRIORITY_QUEUE) BULK_EMAIL_ROUTING_KEY_SMALL_JOBS = Derived(lambda settings: settings.DEFAULT_PRIORITY_QUEUE) CC_MERCHANT_NAME = Derived(lambda settings: settings.PLATFORM_NAME) CREDENTIALS_GENERATION_ROUTING_KEY = Derived(lambda settings: settings.DEFAULT_PRIORITY_QUEUE) -CSRF_TRUSTED_ORIGINS = Derived(lambda settings: settings.CSRF_TRUSTED_ORIGINS_WITH_SCHEME) +CSRF_TRUSTED_ORIGINS = Derived(lambda settings: settings.CSRF_TRUSTED_ORIGINS) DEFAULT_ENTERPRISE_API_URL = Derived( lambda settings: ( None if settings.LMS_INTERNAL_ROOT_URL is None diff --git a/lms/envs/test.py b/lms/envs/test.py index 4563b571e0..3714cf5459 100644 --- a/lms/envs/test.py +++ b/lms/envs/test.py @@ -18,7 +18,6 @@ from collections import OrderedDict from uuid import uuid4 import openid.oidutil -import django from django.utils.translation import gettext_lazy from edx_django_utils.plugins import add_plugins from path import Path as path @@ -646,14 +645,7 @@ SURVEY_REPORT_CHECK_THRESHOLD = 6 SURVEY_REPORT_ENABLE = True ANONYMOUS_SURVEY_REPORT = False -CSRF_TRUSTED_ORIGINS = ['.example.com'] -CSRF_TRUSTED_ORIGINS_WITH_SCHEME = ['https://*.example.com'] - -# values are already updated above with default CSRF_TRUSTED_ORIGINS values but in -# case of new django version these values will override. -if django.VERSION[0] >= 4: # for greater than django 3.2 use with schemes. - CSRF_TRUSTED_ORIGINS = CSRF_TRUSTED_ORIGINS_WITH_SCHEME - +CSRF_TRUSTED_ORIGINS = ['https://*.example.com'] ############## Settings for JWT token handling ############## TOKEN_SIGNING = {
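Review bot: In lms/envs/production.py the replacement line `CSRF_TRUSTED_ORIGINS = Derived(lambda settings: settings.CSRF_TRUSTED_ORIGINS)` derives the setting from itself. When no later override supplies a list, the lambda can only return the `Derived` wrapper, or recurse, depending on how `Derived` is resolved, which is not visible in this hunk. Django's CSRF origin check expects a list of origin strings, and lms/envs/common.py already defines `CSRF_TRUSTED_ORIGINS = []`, which this module presumably inherits. I would delete the line instead of renaming the attribute it reads, so the common default stands unless the deployment config replaces it. A settings test asserting `isinstance(settings.CSRF_TRUSTED_ORIGINS, list)` after derivation would catch a regression here.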