Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4efd2d161a162829fb93faf5960f933ec5db2213
edx-platform/openedx/core/djangoapps
History
Tim McCormack 4efd2d161a fix: Correctly create origin from URL in CORS CSRF middleware (#29366) 
Deleting all instances of the path from the URL meant that referers like
`https://learning.edx.org/` were turned into `https:learning.edx.org`. The
solution here is to use `urlunparse` to put the URL back together, but only
with the desired components (scheme and authority/netloc).

This relates to our previous upgrade to django-cors-headers 3.x, which
changed to use origins instead of domains in its whitelist setting:

36df86d829 (diff-811d60a3e1d60ff694eace0242e77d6b810d8e9c63c36d7b3c2591a08ebbb94bR58)

Added regression test (fails on master, passes on branch.)

Also:

- Replace word "domain" with "origin" in few places to use the correct
  term. (We should probably change this more broadly in names and comments
  in this module as some point.)
- Simplify logging to just output what we know, and not try to recapitulate
  the logic too much.

ref: BOM-2961
2021-11-22 17:49:57 +00:00
..
ace_common
feat: Update ace email header to match braze email header (#29310)
2021-11-15 10:44:41 -05:00
agreements
Revert "[FEAT]: Add mem caching to the API to create and retrieve IntegritySignature" (#27936)
2021-06-11 13:59:20 -04:00
api_admin
feat: New codemods on OpenedX 1 (#28776)
2021-10-27 13:07:36 +05:00
auth_exchange
feat: New codemods on OpenedX 1 (#28776)
2021-10-27 13:07:36 +05:00
bookmarks
feat: cache course index queries (#29107)
2021-10-27 13:53:10 -04:00
cache_toolbox
refactor: pyupgrade on bookmarks, cache_tools, catalog (#26783)
2021-03-15 18:29:40 +05:00
catalog
feat: New codemods on OpenedX 1 (#28776)
2021-10-27 13:07:36 +05:00
ccxcon
fix: Remove pylint constraint and fix warnings (#28646)
2021-10-20 23:00:13 +05:00
commerce
style: django-not-configured is not a sensible lint-amnesty value (#26862)
2021-03-05 08:11:58 -05:00
common_initialization
pylint amnesty in openedx (#26341)
2021-02-03 14:56:09 +05:00
common_views
refactor: pyupgrade in common_views, config_model_utils (#26915)
2021-03-16 14:14:46 +05:00
config_model_utils
feat: New codemods on OpenedX 1 (#28776)
2021-10-27 13:07:36 +05:00
content
style: code cleanups from Steven Burch (#29292)
2021-11-10 07:11:57 -08:00
content_libraries
style: code cleanups from Steven Burch (#29292)
2021-11-10 07:11:57 -08:00
contentserver
refactor: pyupgrade in content_libraries and contentserver apps (#26892)
2021-03-17 17:28:23 +05:00
cookie_metadata
doc: Small clarification to CookieName Change middleware instructions (#28804)
2021-09-21 13:45:26 +00:00
cors_csrf
fix: Correctly create origin from URL in CORS CSRF middleware (#29366)
2021-11-22 17:49:57 +00:00
course_apps
feat: gate proctoring card in course apps (#29263)
2021-11-08 16:12:30 +05:00
course_date_signals
feat: New codemods on OpenedX 1 (#28776)
2021-10-27 13:07:36 +05:00
course_groups
feat: New codemods on OpenedX 1 (#28776)
2021-10-27 13:07:36 +05:00
coursegraph
fix: fixed build errors blocking django 3.1 and 3.2 tests (#28923)
2021-10-05 00:39:08 +05:00
courseware_api
fix: add integrity signature flag to courseware api
2021-11-05 15:35:04 -04:00
crawlers
chore: Django3 has removed python_2_unicode_compatible.
2021-07-27 23:25:27 +05:00
credentials
feat: New codemods on OpenedX 1 (#28776)
2021-10-27 13:07:36 +05:00
credit
feat: New codemods on OpenedX 1 (#28776)
2021-10-27 13:07:36 +05:00
dark_lang
feat: New codemods on OpenedX 1 (#28776)
2021-10-27 13:07:36 +05:00
debug
feat: New codemods on OpenedX 1 (#28776)
2021-10-27 13:07:36 +05:00
demographics
fix: Add missing init files to trigger linting and address quality errors (#27972)
2021-06-16 13:44:20 -04:00
discussions
fix: edx provider data in the api (#29331)
2021-11-19 18:58:28 +05:00
django_comment_common
Revert "Revert "feat: Add support for returning thread counts for all topics in a course [BD-38] [TNL-8724] [BB-4927] (#29062)" (#29087)" (#29152)
2021-10-29 16:20:48 +05:00
embargo
feat: New codemods on OpenedX 2 (#28777)
2021-10-28 16:45:53 +05:00
enrollments
fix: 🐛 Remove add_user_to_course_cohort function (#28824)
2021-09-22 21:15:39 -04:00
external_user_ids
refactor: Ran pyupgrade on openedx/core/djangoapps (#26936)
2021-04-01 15:00:26 +05:00
geoinfo
refactor: make embargo app go through geoinfo API (#27350)
2021-04-16 14:00:04 -04:00
header_control
refactor: Ran pyupgrade on openedx/core/djangoapps (#26936)
2021-04-01 15:00:26 +05:00
heartbeat
refactor: pyupgrade in heartbeat, lang_pref, models (#26916)
2021-03-16 14:15:01 +05:00
lang_pref
feat: New codemods on OpenedX 2 (#28777)
2021-10-28 16:45:53 +05:00
models
Certificate Display Settings revamp (round 2) (#28286)
2021-08-02 11:30:15 -04:00
monkey_patch
style: django-not-configured is not a sensible lint-amnesty value (#26862)
2021-03-05 08:11:58 -05:00
oauth_dispatch
feat!: remove misleading JWT monitoring (#29142)
2021-10-28 10:06:13 -04:00
olx_rest_api
feat: Add API and command to import blocks from courseware
2021-08-17 09:35:34 -07:00
password_policy
feat: New codemods on OpenedX 2 (#28777)
2021-10-28 16:45:53 +05:00
plugin_api
Pylint amnesty in openedx plugin_api, profile_images and programs apps (#26377)
2021-02-04 17:10:38 +05:00
plugins
Pylint amnesty in openedx plugin_api, profile_images and programs apps (#26377)
2021-02-04 17:10:38 +05:00
profile_images
feat: New codemods on OpenedX 2 (#28777)
2021-10-28 16:45:53 +05:00
programs
feat: New codemods on OpenedX 2 (#28777)
2021-10-28 16:45:53 +05:00
safe_sessions
feat: Add feature toggle to allow broader safe-sessions user checking (#29306)
2021-11-15 15:28:59 +00:00
schedules
feat: New codemods on OpenedX 2 (#28777)
2021-10-28 16:45:53 +05:00
self_paced
feat: New codemods on OpenedX 2 (#28777)
2021-10-28 16:45:53 +05:00
service_status
refactor: ran pyupgrade on openedx/core/djangoapps (#26955)
2021-04-01 15:00:49 +05:00
session_inactivity_timeout
BOM-1121
2020-01-30 16:36:02 +05:00
signals
feat: New codemods on OpenedX 2 (#28777)
2021-10-28 16:45:53 +05:00
site_configuration
feat: New codemods on OpenedX 2 (#28777)
2021-10-28 16:45:53 +05:00
system_wide_roles
refactor: ran pyupgrade on openedx/core/djangoapps (#26956)
2021-04-01 19:27:38 +05:00
theming
feat: New codemods on OpenedX 2 (#28777)
2021-10-28 16:45:53 +05:00
user_api
feat: add optional-exposed extra field type to registration form
2021-11-12 15:24:59 +01:00
user_authn
feat: allow login if email opt-in is enabled
2021-11-22 10:53:33 +05:00
util
feat: New codemods on OpenedX 3 (#28778)
2021-10-22 13:55:51 +05:00
verified_track_content
feat: New codemods on OpenedX 3 (#28778)
2021-10-22 13:55:51 +05:00
video_config
chore: Django3 has removed python_2_unicode_compatible.
2021-07-27 11:55:00 +05:00
video_pipeline
feat: New codemods on OpenedX 3 (#28778)
2021-10-22 13:55:51 +05:00
waffle_utils
feat: New codemods on OpenedX 3 (#28778)
2021-10-22 13:55:51 +05:00
xblock
Revert "[BD-13] Deprecate ModuleSystem.render_template"
2021-11-16 15:16:08 -05:00
xmodule_django
refactor: Ran pyupgrade on openedx/core/djangoapps
2021-04-07 18:57:52 +05:00
zendesk_proxy
refactor: Ran pyupgrade on openedx/core/djangoapps
2021-04-07 18:57:52 +05:00
__init__.py