- pass through registration price for use in template
- change conditional for add-to-cart to use registration price
- change conditional for sidebar price field to also include registration price
- remove expected failure in test
- add test for shopping_cart + course without mode
xblock-external-ui: Alternate referer check for CORS requests
xblock-external-ui: Allow to disable httponly on session cookies
xblock-external-ui: Add a unit test for CorsCSRFMiddleware
While this may have served a purpose at one point, it's now been broken
for more than 2 years [1]; a critical code path makes a call to a
function which is no longer imported.
[1] commit 84cb0ce99b
Date: Fri Dec 21 13:15:37 2012 -0500
xblock-external-ui: Include CSRF token in the API answer
xblock-external-ui: Include full path when building local_url
xblock-external-ui: Fix TestHandleXBlockCallback & bok_choy, add tests
xblock-external-ui: Only return `instance` in `_invoke_xblock_handler()`
xblock-external-ui: Group resources by hash tag to avoid duplicate loads
xblock-external-ui: PEP8
xblock-external-ui: Fail early if the XBlock view is called anonymously
We used to serve anonymous requests, but most XBlocks assume that the
user is logged in, which can generate a lot of errors when the user is
accessed or when an XBlock ajax callback is queried. Fail early to only
get one error per page load, and prevent displaying the XBlock
altogether when the LMS doesn't find an active user session.
xblock-external-ui: Add request params in view render context
xblock-external-ui: HTTP error status when file is too large for handler
xblock-external-ui: Fix unicode encodings in XBlock rendering
xblock-external-ui: Feature flag for API call ENABLE_XBLOCK_VIEW_ENDPOINT
The overall behavior of the __init__ method has remained the same.
What's changed is how it determines whether a field is explicitly set.
Instead of using the slower performing editable_metadata_fields, it
calls _field_data.has directly to check for explicitly set fields.
Block users from enrolling in a course if the user
is blocked by country access rules.
1) Enrollment via the login/registration page.
2) Enrollment from the marketing iframe (via student.views.change_enrollment)
3) Enrollment using 100% redeem codes.
4) Enrollment via upgrade.
This does NOT cover enrollment through third party authentication,
which is sufficiently complex to deserve its own commit.
This change will also move us to bok-choy instead of lettuce for
these scenarios, and re-enable them. See TE-736.
Includes some refactoring of repeated event-checking code as well.
