diff --git a/cms/envs/common.py b/cms/envs/common.py index bdb3ec6fde..f5b74c326b 100644 --- a/cms/envs/common.py +++ b/cms/envs/common.py @@ -105,12 +105,9 @@ TEMPLATE_CONTEXT_PROCESSORS = ( 'django.core.context_processors.static', 'django.contrib.messages.context_processors.messages', 'django.contrib.auth.context_processors.auth', # this is required for admin + 'django.core.context_processors.csrf' ) -# add csrf support unless disabled for load testing -if not MITX_FEATURES.get('AUTOMATIC_AUTH_FOR_LOAD_TESTING'): - TEMPLATE_CONTEXT_PROCESSORS += ('django.core.context_processors.csrf',) # necessary for csrf protection - LMS_BASE = None #################### CAPA External Code Evaluation ############################# @@ -141,6 +138,7 @@ MIDDLEWARE_CLASSES = ( 'request_cache.middleware.RequestCache', 'django.middleware.cache.UpdateCacheMiddleware', 'django.middleware.common.CommonMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'method_override.middleware.MethodOverrideMiddleware', @@ -157,10 +155,6 @@ MIDDLEWARE_CLASSES = ( 'django.middleware.transaction.TransactionMiddleware' ) -# add in csrf middleware unless disabled for load testing -if not MITX_FEATURES.get('AUTOMATIC_AUTH_FOR_LOAD_TESTING'): - MIDDLEWARE_CLASSES = MIDDLEWARE_CLASSES + ('django.middleware.csrf.CsrfViewMiddleware',) - ############################ SIGNAL HANDLERS ################################ # This is imported to register the exception signal handling that logs exceptions import monitoring.exceptions # noqa diff --git a/lms/envs/common.py b/lms/envs/common.py index 29e0de7d91..6c64cf1d90 100644 --- a/lms/envs/common.py +++ b/lms/envs/common.py @@ -223,6 +223,7 @@ TEMPLATE_CONTEXT_PROCESSORS = ( 'django.contrib.messages.context_processors.messages', #'django.core.context_processors.i18n', 'django.contrib.auth.context_processors.auth', # this is required for admin + 'django.core.context_processors.csrf', # Added for django-wiki 'django.core.context_processors.media', @@ -235,10 +236,6 @@ TEMPLATE_CONTEXT_PROCESSORS = ( 'mitxmako.shortcuts.marketing_link_context_processor', ) -# add csrf support unless disabled for load testing -if not MITX_FEATURES.get('AUTOMATIC_AUTH_FOR_LOAD_TESTING'): - TEMPLATE_CONTEXT_PROCESSORS += ('django.core.context_processors.csrf',) # necessary for csrf protection - STUDENT_FILEUPLOAD_MAX_SIZE = 4 * 1000 * 1000 # 4 MB MAX_FILEUPLOADS_PER_INPUT = 20 @@ -485,6 +482,7 @@ MIDDLEWARE_CLASSES = ( 'django.contrib.messages.middleware.MessageMiddleware', 'track.middleware.TrackMiddleware', 'mitxmako.middleware.MakoMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', 'course_wiki.course_nav.Middleware', @@ -498,10 +496,6 @@ MIDDLEWARE_CLASSES = ( 'codejail.django_integration.ConfigureCodeJailMiddleware', ) -# add in csrf middleware unless disabled for load testing -if not MITX_FEATURES.get('AUTOMATIC_AUTH_FOR_LOAD_TESTING'): - MIDDLEWARE_CLASSES = MIDDLEWARE_CLASSES + ('django.middleware.csrf.CsrfViewMiddleware',) - ############################### Pipeline ####################################### STATICFILES_STORAGE = 'pipeline.storage.PipelineCachedStorage' diff --git a/lms/envs/load_test.py b/lms/envs/load_test.py new file mode 100644 index 0000000000..f4d3cae758 --- /dev/null +++ b/lms/envs/load_test.py @@ -0,0 +1,16 @@ +""" +Settings for load testing. +""" + +# We intentionally define lots of variables that aren't used, and +# want to import all variables from base settings files +# pylint: disable=W0401, W0614 + +from .aws import * + +# Disable CSRF for load testing +exclude_csrf = lambda elem: not elem in \ + ['django.core.context_processors.csrf', + 'django.middleware.csrf.CsrfViewMiddleware'] +TEMPLATE_CONTEXT_PROCESSORS = filter(exclude_csrf, TEMPLATE_CONTEXT_PROCESSORS) +MIDDLEWARE_CLASSES = filter(exclude_csrf, MIDDLEWARE_CLASSES)