Cross-domain CSRF cookies
When configured, set an additional cookie with the CSRF token for use by subdomains. The cookie can have a different name than the default CSRF cookie, preventing conflicts between cookies from different domains (e.g. ".edx.org", "courses.edx.org", and "edge.edx.org"). The new cookie is included only on the enrollment API views so that the scope of this change is limited to the end-points that require cross-domain POST requests.
Changed files:
- cms/envs/common.py (7 additions, 0 deletions)
- common/djangoapps/cors_csrf/decorators.py (28 additions, 0 deletions)
- common/djangoapps/cors_csrf/middleware.py (170 additions, 15 deletions)
- common/djangoapps/cors_csrf/tests.py (0 additions, 101 deletions)
- common/djangoapps/cors_csrf/tests/__init__.py (0 additions, 0 deletions)
- common/djangoapps/cors_csrf/tests/test_decorators.py (24 additions, 0 deletions)
- common/djangoapps/cors_csrf/tests/test_middleware.py (275 additions, 0 deletions)
- common/djangoapps/enrollment/views.py (15 additions, 8 deletions)
- common/test/db_cache/bok_choy_data.json (1 addition, 1 deletion)
- common/test/db_cache/bok_choy_schema.sql (461 additions, 213 deletions)
- lms/envs/aws.py (36 additions, 6 deletions)
- lms/envs/common.py (16 additions, 5 deletions)
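
The pattern the commit message describes, as an added standard-library sketch that is not the commit's own code: a second, differently named CSRF cookie scoped to a parent domain, emitted only for views that opt in. The setting names, the `cross_domain_csrf` decorator, the `Secure` flag and the sample domain and token are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

# Constructed settings; names and values are assumptions, not the project's.
SETTINGS = {
    "CSRF_COOKIE_NAME": "csrftoken",               # default, host-only cookie
    "XDOMAIN_CSRF_COOKIE_NAME": "csrftoken-xd",    # separate name avoids clashes
    "XDOMAIN_CSRF_COOKIE_DOMAIN": ".example.org",  # readable by subdomains
}


def cross_domain_csrf(view):
    """Opt a single view in to the additional cookie (hypothetical decorator)."""
    view.cross_domain_csrf = True
    return view


def csrf_set_cookie_headers(view, token, settings=SETTINGS):
    """Return the Set-Cookie header values a response for `view` would carry."""
    default_name = settings["CSRF_COOKIE_NAME"]
    jar = SimpleCookie()
    jar[default_name] = token
    jar[default_name]["path"] = "/"

    name = settings.get("XDOMAIN_CSRF_COOKIE_NAME")
    domain = settings.get("XDOMAIN_CSRF_COOKIE_DOMAIN")
    # Emit the wider-scoped cookie only when it is configured AND the view
    # opted in, so the token is not exposed to subdomains on every response.
    if name and domain and getattr(view, "cross_domain_csrf", False):
        if name == default_name:
            raise ValueError("cross-domain cookie must use a distinct name")
        jar[name] = token
        jar[name]["domain"] = domain
        jar[name]["path"] = "/"
        jar[name]["secure"] = True  # assumption: send over HTTPS only
    return [morsel.OutputString() for morsel in jar.values()]


@cross_domain_csrf
def enrollment_api(request):   # stands in for an endpoint needing cross-domain POST
    return "enrolled"


def course_about(request):     # ordinary view: default cookie only
    return "about"
```
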