Files
edx-platform/openedx/core/djangoapps
Tim McCormack eeb35733bb fix: Update cors_csrf middleware for Django 4.0 (#33262)
Remove use of Django's `CSRF_COOKIE_USED`, which is no longer leaked
outside of the dynamic scope of the Django csrf middleware as of Django
4.0. Specifically, https://github.com/django/django/pull/14688 replaced
that META entry and a request attribute with a single META entry
`CSRF_COOKIE_NEEDS_UPDATE`, which is then set back to False once the CSRF
cookie is set by the middleware's process_response.

We'll send the cross-domain cookie if the decorator requests it and the
value is present, regardless of whether the same-domain cookie would have
been sent. (And we'll still *set* `CSRF_COOKIE_NEEDS_UPDATE` to ensure that
a cookie gets generated.)

See https://github.com/openedx/edx-platform/issues/33207
2023-09-15 14:34:25 +00:00
..