edx-platform

Andal.LND/edx-platform

Fork 0

Commit Graph

Author	SHA1	Message	Date
Will Daly	fcc5b1e347	Add proxy to allow IE9 to make xdomain requests Adds an /xdomain_proxy.html endpoint that serves the proxy file from the xdomain library. This allows IE9 users to iframe in the proxy page to simulate a cross-domain request with cookies.	2015-04-01 09:16:42 -04:00
Brian Wilson	243e2660b0	Merge release to master for 20150317 release.	2015-03-18 18:48:56 -04:00
Will Daly	cbdc269b47	Cross-domain CSRF cookies When configured, set an additional cookie with the CSRF token for use by subdomains. The cookie can have a different name than the default CSRF cookie, preventing conflicts between cookies from different domains (e.g. ".edx.org", "courses.edx.org", and "edge.edx.org"). The new cookie is included only on the enrollment API views so that the scope of this change is limited to the end-points that require cross-domain POST requests.	2015-03-09 12:32:49 -04:00

Author

SHA1

Message

Date

Will Daly

fcc5b1e347

Add proxy to allow IE9 to make xdomain requests

Adds an /xdomain_proxy.html endpoint that serves
the proxy file from the xdomain library.  This
allows IE9 users to iframe in the proxy page
to simulate a cross-domain request with cookies.

2015-04-01 09:16:42 -04:00

Brian Wilson

243e2660b0

Merge release to master for 20150317 release.

2015-03-18 18:48:56 -04:00

Will Daly

cbdc269b47

Cross-domain CSRF cookies

When configured, set an additional cookie with the CSRF
token for use by subdomains.

The cookie can have a different name than the default
CSRF cookie, preventing conflicts between cookies
from different domains (e.g. ".edx.org", "courses.edx.org",
and "edge.edx.org").

The new cookie is included only on the enrollment API
views so that the scope of this change is limited
to the end-points that require cross-domain POST requests.

2015-03-09 12:32:49 -04:00

3 Commits