From 19709cd36faf0a62f2e0a8acfe9986d3ce073a73 Mon Sep 17 00:00:00 2001
From: Jeremy Bowman <jbowman@edx.org>
Date: Wed, 6 Dec 2017 13:18:00 -0500
Subject: [PATCH] PLAT-1749 Support Django 1.10+ CSRF tokens
---
 cms/envs/common.py | 2 +-
 lms/envs/common.py | 2 +-
 lms/envs/load_test.py | 2 +-
 openedx/core/djangoapps/cors_csrf/middleware.py | 2 +-
 openedx/core/djangoapps/cors_csrf/tests/test_middleware.py | 2 +-
 requirements/edx/base.txt | 1 +
 6 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/cms/envs/common.py b/cms/envs/common.py
index b859640f3e7..461766eef71 100644
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -442,7 +442,7 @@ MIDDLEWARE_CLASSES = [
 'openedx.core.djangoapps.header_control.middleware.HeaderControlMiddleware',
 'django.middleware.cache.UpdateCacheMiddleware',
 'django.middleware.common.CommonMiddleware',
- 'django.middleware.csrf.CsrfViewMiddleware',
+ 'birdcage.v1_11.csrf.CsrfViewMiddleware',
 'django.contrib.sites.middleware.CurrentSiteMiddleware',
 # Instead of SessionMiddleware, we use a more secure version
diff --git a/lms/envs/common.py b/lms/envs/common.py
index de666c6b476..a1a562e2aac 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -1268,7 +1268,7 @@ MIDDLEWARE_CLASSES = [
 'corsheaders.middleware.CorsMiddleware',
 'openedx.core.djangoapps.cors_csrf.middleware.CorsCSRFMiddleware',
 'openedx.core.djangoapps.cors_csrf.middleware.CsrfCrossDomainCookieMiddleware',
- 'django.middleware.csrf.CsrfViewMiddleware',
+ 'birdcage.v1_11.csrf.CsrfViewMiddleware',
 'splash.middleware.SplashMiddleware',
diff --git a/lms/envs/load_test.py b/lms/envs/load_test.py
index 7b7e7df4051..6b1018ecdd3 100644
--- a/lms/envs/load_test.py
+++ b/lms/envs/load_test.py
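Review bot: Replacing the `MIDDLEWARE_CLASSES` entry in cms/envs/common.py only changes the site-wide check; Django's `csrf_protect`, `requires_csrf_token` and `ensure_csrf_cookie` decorators are built from `django.middleware.csrf.CsrfViewMiddleware` and, as far as this diff shows, keep using the stock class. The two paths may therefore disagree on which token formats they accept, so it is worth confirming with a test that a decorated view and a middleware-protected view accept the same tokens. The identical change in lms/envs/common.py has the same gap. Both entries would also benefit from a comment such as `# CSRF middleware backport from django-birdcage (PLAT-1749); revert to django.middleware.csrf.CsrfViewMiddleware once the Django upgrade is done`, assuming that is the intent behind the commit title.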
@@ -11,7 +11,7 @@ from .aws import *
 # Disable CSRF for load testing
 EXCLUDE_CSRF = lambda elem: elem not in [
 'django.template.context_processors.csrf',
- 'django.middleware.csrf.CsrfViewMiddleware'
+ 'birdcage.v1_11.csrf.CsrfViewMiddleware'
 ]
 DEFAULT_TEMPLATE_ENGINE['OPTIONS']['context_processors'] = filter(
 EXCLUDE_CSRF, DEFAULT_TEMPLATE_ENGINE['OPTIONS']['context_processors']
diff --git a/openedx/core/djangoapps/cors_csrf/middleware.py b/openedx/core/djangoapps/cors_csrf/middleware.py
index 53bed42aade..ab4d82a6930 100644
--- a/openedx/core/djangoapps/cors_csrf/middleware.py
+++ b/openedx/core/djangoapps/cors_csrf/middleware.py
@@ -46,7 +46,7 @@ import logging
 from django.conf import settings
 from django.core.exceptions import ImproperlyConfigured, MiddlewareNotUsed
-from django.middleware.csrf import CsrfViewMiddleware
+from birdcage.v1_11.csrf import CsrfViewMiddleware
 from .helpers import is_cross_domain_request_allowed, skip_cross_domain_referer_check
diff --git a/openedx/core/djangoapps/cors_csrf/tests/test_middleware.py b/openedx/core/djangoapps/cors_csrf/tests/test_middleware.py
index 9c6480ba92c..6fc3f7d1ced 100644
--- a/openedx/core/djangoapps/cors_csrf/tests/test_middleware.py
+++ b/openedx/core/djangoapps/cors_csrf/tests/test_middleware.py
@@ -9,7 +9,7 @@ from django.test import TestCase
 from django.test.utils import override_settings
 from django.core.exceptions import MiddlewareNotUsed, ImproperlyConfigured
 from django.http import HttpResponse
-from django.middleware.csrf import CsrfViewMiddleware
+from birdcage.v1_11.csrf import CsrfViewMiddleware
 from ..middleware import CorsCSRFMiddleware, CsrfCrossDomainCookieMiddleware
diff --git a/requirements/edx/base.txt b/requirements/edx/base.txt
index 68f93478373..bc227602796 100644
--- a/requirements/edx/base.txt
+++ b/requirements/edx/base.txt
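Review bot: `EXCLUDE_CSRF` in lms/envs/load_test.py matches a hard-coded dotted path and now lists only the birdcage one, so a settings layer that still carries `'django.middleware.csrf.CsrfViewMiddleware'` would no longer be filtered out. That fails closed (CSRF stays on), but the load-test profile would quietly stop doing what its comment says; keeping both strings in the list avoids this. Because this module switches CSRF protection off, the existing comment could say so more strongly, e.g. `# Disable CSRF for load testing -- never use this settings module for a production deployment`. The `filter(...)` statement runs past the end of the hunk, so whether the middleware list is filtered the same way is not visible here.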
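Review bot: The new `from birdcage.v1_11.csrf import CsrfViewMiddleware` in cors_csrf/middleware.py is placed in the middle of the `django` imports and has no comment saying why the base CSRF class comes from a backport. Sorting it ahead of the `django.*` lines and adding `# Backported CsrfViewMiddleware (django-birdcage); see PLAT-1749` would make it clear that CSRF enforcement here depends on that package. The classes that use this import lie outside the hunk, so presumably they subclass it; if so, their overrides now depend on the backport keeping Django's method signatures. tests/test_middleware.py has the same import placement.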
@@ -17,6 +17,7 @@ dealer==2.0.4
 defusedxml==0.4.1
 django-babel-underscore==0.5.2
 markey==0.8 # From django-babel-underscore
+django-birdcage==1.0.0
 django-config-models==0.1.8
 django-countries==4.6.1
 django-filter==1.0.4
-- GitLab
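Review bot: The added `django-birdcage==1.0.0` line has no comment, although after this commit the package supplies the CSRF middleware for both LMS and CMS. A trailing note in the style of the `markey` line, e.g. `django-birdcage==1.0.0  # CSRF middleware backport, see PLAT-1749`, would tell maintainers that version bumps here need the same scrutiny as a Django security release. The exact `==` pin is good; no hash pinning is visible in this hunk, so artifact integrity presumably relies on the package index.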