From 5b89c2f5b8605b48684992acee00d999e5e94bbd Mon Sep 17 00:00:00 2001
From: Gabe Mulley <gabe@edx.org>
Date: Mon, 23 Apr 2018 14:50:02 -0400
Subject: [PATCH] support cross domain ajax requests to the experiments APIs
---
 lms/djangoapps/experiments/views.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/lms/djangoapps/experiments/views.py b/lms/djangoapps/experiments/views.py
index e26ce73d1ca..a22f66b39ea 100644
--- a/lms/djangoapps/experiments/views.py
+++ b/lms/djangoapps/experiments/views.py
@@ -10,12 +10,18 @@ from experiments import filters, serializers
 from experiments.models import ExperimentData, ExperimentKeyValue
 from experiments.permissions import IsStaffOrOwner, IsStaffOrReadOnly
 from openedx.core.lib.api.authentication import SessionAuthenticationAllowInactiveUser
+from openedx.core.djangoapps.cors_csrf.authentication import SessionAuthenticationCrossDomainCsrf
 User = get_user_model() # pylint: disable=invalid-name
+class ExperimentCrossDomainSessionAuth(SessionAuthenticationAllowInactiveUser, SessionAuthenticationCrossDomainCsrf):
+ """Session authentication that allows inactive users and cross-domain requests. """
+ pass
+
+
 class ExperimentDataViewSet(viewsets.ModelViewSet):
- authentication_classes = (JwtAuthentication, SessionAuthenticationAllowInactiveUser,)
+ authentication_classes = (JwtAuthentication, ExperimentCrossDomainSessionAuth,)
 filter_backends = (DjangoFilterBackend,)
 filter_class = filters.ExperimentDataFilter
 permission_classes = (permissions.IsAuthenticated, IsStaffOrOwner,)
@@ -83,7 +89,7 @@ class ExperimentDataViewSet(viewsets.ModelViewSet):
 class ExperimentKeyValueViewSet(viewsets.ModelViewSet):
- authentication_classes = (JwtAuthentication, SessionAuthenticationAllowInactiveUser,)
+ authentication_classes = (JwtAuthentication, ExperimentCrossDomainSessionAuth,)
 filter_backends = (DjangoFilterBackend,)
 filter_class = filters.ExperimentKeyValueFilter
 permission_classes = (IsStaffOrReadOnly,)
--
GitLab
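Review bot: `ExperimentCrossDomainSessionAuth` in the first hunk depends on method resolution order across two session-auth bases, and neither its docstring nor any test in this patch pins down which base supplies the CSRF check. Neither base is defined in this diff, so this is inferred: if `SessionAuthenticationAllowInactiveUser` ever defines its own `enforce_csrf`, it would silently shadow the cross-domain one, and a comment such as `# MRO: authenticate() from SessionAuthenticationAllowInactiveUser, enforce_csrf() from SessionAuthenticationCrossDomainCsrf` would make that dependency explicit. The docstring should also say what stays enforced (presumably the CSRF token, with only the referer check relaxed for allowed origins; confirm against `cors_csrf`), because `ExperimentDataViewSet` and, in the second hunk, `ExperimentKeyValueViewSet` are both `ModelViewSet`s whose write actions now accept session-authenticated cross-origin requests, including from inactive accounts. A test asserting that a write from an origin outside the allowed list is still rejected on both viewsets would guard against a configuration or MRO regression.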