Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adds django-cookies-sameseite middleware

Browse Source 
and settings to set SameSite=None for all secure cookies.
This commit is contained in:
Jillian Vogel
2020-04-09 18:12:59 +09:30
parent 20fe068a01
commit bb85420e91
5 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lms/envs/common.py
View File

@@ -1144,6 +1144,8 @@ SESSION_SAVE_EVERY_REQUEST = False
SESSION_SERIALIZER = 'openedx.core.lib.session_serializers.PickleSerializer'
SESSION_COOKIE_DOMAIN = ""
SESSION_COOKIE_NAME = 'sessionid'
SESSION_COOKIE_SAMESITE = 'None'
SESSION_COOKIE_SAMESITE_FORCE_ALL = True
# CMS base
CMS_BASE = 'localhost:18010'
@@ -1566,6 +1568,9 @@ MIDDLEWARE = [
# Handles automatically storing user ids in django-simple-history tables when possible.
'simple_history.middleware.HistoryRequestMiddleware',
# Sets SameSite flag for session and csrf cookies in legacy versions of Django.
'django_cookies_samesite.middleware.CookiesSameSite',
# This must be last
'openedx.core.djangoapps.site_configuration.middleware.SessionCookieDomainOverrideMiddleware',
]

1
requirements/edx/base.in
View File

@@ -38,6 +38,7 @@ contextlib2 # We need contextlib2.ExitStack so we can st
defusedxml
Django<1.12 # Web application framework
django-celery # Only used for the CacheBackend for celery results
django-cookies-samesite # Middleware which sets SameSite flag for session and csrf cookies in Django<2.2
django-config-models>=1.0.0 # Configuration models for Django allowing config management with auditing
django-cors-headers # Used to allow to configure CORS headers for cross-domain requests
django-countries # Country data for Django forms and model fields

1
requirements/edx/base.txt
View File

@@ -57,6 +57,7 @@ git+https://github.com/Zegocover/enmerkar.git@dbc113798aa4beabdfa2d00e6fef48248e
django-celery==3.3.1 # via -r requirements/edx/base.in
django-classy-tags==1.0.0 # via django-sekizai
django-config-models==2.0.0 # via -r requirements/edx/base.in, edx-enterprise
django-cookies-samesite==0.5.1 # via -r requirements/edx/base.in
django-cors-headers==2.5.3 # via -c requirements/edx/../constraints.txt, -r requirements/edx/base.in
django-countries==5.5 # via -c requirements/edx/../constraints.txt, -r requirements/edx/base.in, edx-enterprise
django-crum==0.7.5 # via -r requirements/edx/base.in, edx-enterprise, edx-proctoring, edx-rbac, super-csv

1
requirements/edx/development.txt
View File

@@ -68,6 +68,7 @@ git+https://github.com/Zegocover/enmerkar.git@dbc113798aa4beabdfa2d00e6fef48248e
django-celery==3.3.1 # via -r requirements/edx/testing.txt
django-classy-tags==1.0.0 # via -r requirements/edx/testing.txt, django-sekizai
django-config-models==2.0.0 # via -r requirements/edx/testing.txt, edx-enterprise
django-cookies-samesite==0.5.1 # via -r requirements/edx/testing.txt
django-cors-headers==2.5.3 # via -c requirements/edx/../constraints.txt, -r requirements/edx/testing.txt
django-countries==5.5 # via -c requirements/edx/../constraints.txt, -r requirements/edx/testing.txt, edx-enterprise
django-crum==0.7.5 # via -r requirements/edx/testing.txt, edx-enterprise, edx-proctoring, edx-rbac, super-csv

1
requirements/edx/testing.txt
View File

@@ -67,6 +67,7 @@ git+https://github.com/Zegocover/enmerkar.git@dbc113798aa4beabdfa2d00e6fef48248e
django-celery==3.3.1 # via -r requirements/edx/base.txt
django-classy-tags==1.0.0 # via -r requirements/edx/base.txt, django-sekizai
django-config-models==2.0.0 # via -r requirements/edx/base.txt, edx-enterprise
django-cookies-samesite==0.5.1 # via -r requirements/edx/base.txt
django-cors-headers==2.5.3 # via -c requirements/edx/../constraints.txt, -r requirements/edx/base.txt
django-countries==5.5 # via -c requirements/edx/../constraints.txt, -r requirements/edx/base.txt, edx-enterprise
django-crum==0.7.5 # via -r requirements/edx/base.txt, edx-enterprise, edx-proctoring, edx-rbac, super-csv