* feat!: Django 4.0 and above, CSRF_TRUSTED_ORIGINS must include scheme.
* feat!: Django 4.0 and above, CSRF_TRUSTED_ORIGINS must include scheme.
* fix: fix quality failure
* feat!: Django 4.0 and above, CSRF_TRUSTED_ORIGINS must include scheme.
This adds two new urls: `<studio-base>/cms-api/ui` and `<studio-base>/cms-api/schema` with swagger ui and swaggerfile only for the new CMS API using drf-spectacular
It's needed by `make common_constraints.txt`. We're starting to see
failures running this command in lms-shell in devstack. This has probably
been going on the entire time, but the error suppression was only removed
recently in <https://github.com/openedx/edx-platform/pull/33271>.
The new RUN instruction for installing wget is added to the development
layer only, partly to limit image sizes and partly to make life harder for
any attacker who manages to gain code execution in production.
I've moved `USER app` from the end of the `base` layer to the start of the
`production` layer, since the only other layer (in this file) that builds
on `base` is `development`, which more or less immediately switches back
to root. (The intervening COPY instruction is not affected by the current
user.)
Ticket: https://github.com/openedx/edx-platform/issues/33287
This does two major things:
* Removes subsections from a student's course outline if the
subsection's units are all restricted to a cohort that the student
is not a part of (see CohortPartitionGroupsOutlineProcessor).
* Removes sections from the course outline if the user is not allowed
to see any of its child subsections.
This should probably be turned into an ADR at some point, but for
now I've just recreated the page on the public wiki. (The space it
was in had been deleted during the 2U/Axim split.)
Adds a GH workflow that will run `make compile-requirements` and create
a PR for it and overhauls the requirements README with info on how to
use the new workflows.
README changes:
- Group the workflow/makefile info under a new heading
- Switch to imperative for headings
- Move "Upgrade all dependencies" to end of list (uncommon for people to
actually need this command, I suspect)
- Add "Add a dependency"
- Preamble about .in and .txt files and Mac vs. Linux, as well as about forks
Also, some style fixes to upgrade-one-python-dependency GH workflow:
- Fix indentation in inputs block
- Remove "-workflow" from job name (probably copied from another workflow)
- Wrap a long line
Sometimes this make target doubles or even triples the comment. I think
this is due to a temporary failure in the wget call, which is then ignored
and an additional comment is added onto the top. If this happens multiple
times in a row, you get multiple additions.
Removing the `|| touch` should fix this, and surface any errors that are
happening.
The text plugin for requirejs is used to load text assets such as .underscore files.
To avoid CORS issues when loading such assets from a different domain, such as a when
a CDN is in use, this plugin loads such assets as .js files by adding a script tag.
What this means in practice is that if you configure the platform to serve static
assets from a CDN, it will try to load `file.underscore.js` instead of
`file.underscore`. We can override this behaviour by providing a `useXhr` function
for the text plugin configuration. The plugin will use this function to determine
whether to use XHR or the script tag approach.
In this change we are asking it to always use XHR since the concerns about CORS
raised by the plugins documentation don't apply here.
ref: 3f9d4c19b3/README.md (xhr-restrictions)
