This commit extends the workaround in `cors_csrf` middleware
to Django Rest Framework's SessionAuthentication, which
calls Django's CSRF middleware directly.
The workaround checks the cross domain whitelist and
skips the CSRF referer check for domains on the whitelist.
When mathjax is down studio page doesn't work as
it wait for mathjax to load. I replaced the hard
dependency with soft dependency now unit page can
load with mathjax.
When configured, set an additional cookie with the CSRF
token for use by subdomains.
The cookie can have a different name than the default
CSRF cookie, preventing conflicts between cookies
from different domains (e.g. ".edx.org", "courses.edx.org",
and "edge.edx.org").
The new cookie is included only on the enrollment API
views so that the scope of this change is limited
to the end-points that require cross-domain POST requests.
Celery requires all tasks to be in a tasks module. Also, the task has been updated to use default values if the the course structure generator encounters a block without the graded or format fields.
Multi-commit history:
- hide drag functionality for entrance exam section.
- hide entrance exam subsection elements e.g. delete, drag, name etc.
- show unit/verticals expanded in case of entrance exam
- modify code in order to allow user to update entrance exam score from UI.
- write down unit tests.
- write down Jasmine tests.
- add bok-choy test
- updated bok-choy test
- internationalize string
- repositioned sequential block creatori
- SOL-221 (entrance exam message)
- SOL-199 LMS Part (show entrance exam content) and hide the course navigation bar.
- redirect the view in case of entrance exam.
- update code structure as per suggestions
- write down unit tests
- fix pep8
- instead of hiding the exam requirement message, now also showing the exam the completion message (success state).
- write down unit test to show exam completion message.
- Update code as per review suggestions
- update doc string
- addressed review suggestions
- change sequential message text
- css adjustments
- added new css class for entrance exam score in studio
- added Jasmine test for remaning coverage
- sequential message should appear under the context of entrance exam subsection.
- updated text in CMS and LMS as per suggestions.
- added unit text to insure sequential message should not be present in other chapters rather then entrance exam.
- skip setter if empty prerequisite course list
- exclude logic from xblock_info.js that is specifically related to entrance exam.
- added js tests and updated code as per suggestions
- added tests
- addressed several PR issues
- Several small fixes (style, refactoring)
- Fixed score update issue
- added some more unit tests.
- code suggested changes.
- addressed PR feedback
Shim has been updated to handle currents builds of the android and iOS
apps which are not returning the correct semantics/events. Shim now
includes the seek event.
This allows the holder of a third-party access token (e.g. from Google
or Facebook) to get a first-party access token for the edX account
linked to the given access token.
When configured, set an additional cookie with the CSRF
token for use by subdomains.
The cookie can have a different name than the default
CSRF cookie, preventing conflicts between cookies
from different domains (e.g. ".edx.org", "courses.edx.org",
and "edge.edx.org").
The new cookie is included only on the enrollment API
views so that the scope of this change is limited
to the end-points that require cross-domain POST requests.
This commit fixes a bug that could occur when GeoIP
returns a continent code ("EU" or "AN") instead of a
country code. The previous implementation would
block users in this case since the country code
was not on the whitelist (consisting of all known
country codes). The new implementation allows user
access by default if we don't recognize the country code.
