Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
35,515 Commits 1 Branch 0 Tags
209ddc700dfce5bb0aa151c19dafbac8ae7de2d2
Commit Graph

8 Commits

Author SHA1 Message Date
Ned Batchelder
f5d0f3ff55 Remove useless pylint suppressions 2015-11-22 07:41:19 -05:00
Usman Khalid
6cb62f2697 Rebase upgrade Django to v1.8.5 
Please note that this is a squshed commit and the work of:
Symbolist, macdiesel, nedbat, doctoryes, muzaffaryousaf and muhammad-ammar
 2015-11-10 15:00:19 -05:00
Will Daly
8555630df7 Upgrade djangorestframework to v3.1 
* Upgrade edx-submissions
* Upgrade edx-ora2
* Upgrade edx-val
* Upgrade edx-proctoring
* Update all edx-platform code that depends on DRF, including:
  - auth_exchange
  - cors_csrf
  - embargo
  - enrollment
  - util
  - commerce
  - course_structure
  - discussion_api
  - mobile_api
  - notifier_api
  - teams
  - credit
  - profile_images
  - user_api
  - lib/api (OAuth2 and pagination)
 2015-09-25 12:40:57 -04:00
Will Daly
fcc5b1e347 Add proxy to allow IE9 to make xdomain requests 
Adds an /xdomain_proxy.html endpoint that serves
the proxy file from the xdomain library.  This
allows IE9 users to iframe in the proxy page
to simulate a cross-domain request with cookies.
 2015-04-01 09:16:42 -04:00
Brian Wilson
243e2660b0 Merge release to master for 20150317 release. 2015-03-18 18:48:56 -04:00
Will Daly
d9d26796e8 Downgrade CORS middleware warning to info 2015-03-11 15:43:01 -04:00
Will Daly
cbdc269b47 Cross-domain CSRF cookies 
When configured, set an additional cookie with the CSRF
token for use by subdomains.

The cookie can have a different name than the default
CSRF cookie, preventing conflicts between cookies
from different domains (e.g. ".edx.org", "courses.edx.org",
and "edge.edx.org").

The new cookie is included only on the enrollment API
views so that the scope of this change is limited
to the end-points that require cross-domain POST requests.
 2015-03-09 12:32:49 -04:00
Xavier Antoviaque
05c857478b xblock-external-ui: Adds support for CORS headers (cross-domain request) 
xblock-external-ui: Alternate referer check for CORS requests
xblock-external-ui: Allow to disable httponly on session cookies
xblock-external-ui: Add a unit test for CorsCSRFMiddleware
 2015-02-17 10:24:27 +01:00