Skip to content

Commit

Permalink
chore: Remove CSRF_TRUSTED_ORIGINS_WITH_SCHEMES variable
Browse files Browse the repository at this point in the history
  • Loading branch information
mfarhan943 committed Dec 2, 2024
1 parent 3a11680 commit 4e47069
Show file tree
Hide file tree
Showing 5 changed files with 1 addition and 21 deletions.
1 change: 0 additions & 1 deletion cms/envs/common.py
Original file line number Diff line number Diff line change
Expand Up @@ -875,7 +875,6 @@
CROSS_DOMAIN_CSRF_COOKIE_DOMAIN = ''
CROSS_DOMAIN_CSRF_COOKIE_NAME = ''
CSRF_TRUSTED_ORIGINS = []
CSRF_TRUSTED_ORIGINS_WITH_SCHEME = []

#################### CAPA External Code Evaluation #############################
XQUEUE_WAITTIME_BETWEEN_REQUESTS = 5 # seconds
Expand Down
6 changes: 0 additions & 6 deletions cms/envs/production.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@
import warnings
import yaml

import django
from django.core.exceptions import ImproperlyConfigured
from django.urls import reverse_lazy
from edx_django_utils.plugins import add_plugins
Expand Down Expand Up @@ -239,11 +238,6 @@ def get_env_setting(setting):
# by end users.
CSRF_COOKIE_SECURE = ENV_TOKENS.get('CSRF_COOKIE_SECURE', False)

# values are already updated above with default CSRF_TRUSTED_ORIGINS values but in
# case of new django version these values will override.
if django.VERSION[0] >= 4: # for greater than django 3.2 use schemes.
CSRF_TRUSTED_ORIGINS = ENV_TOKENS.get('CSRF_TRUSTED_ORIGINS_WITH_SCHEME', [])

#Email overrides
MKTG_URL_LINK_MAP.update(ENV_TOKENS.get('MKTG_URL_LINK_MAP', {}))
MKTG_URL_OVERRIDES.update(ENV_TOKENS.get('MKTG_URL_OVERRIDES', MKTG_URL_OVERRIDES))
Expand Down
1 change: 0 additions & 1 deletion lms/envs/common.py
Original file line number Diff line number Diff line change
Expand Up @@ -3403,7 +3403,6 @@ def _make_locale_paths(settings): # pylint: disable=missing-function-docstring
# end users
CSRF_COOKIE_SECURE = False
CSRF_TRUSTED_ORIGINS = []
CSRF_TRUSTED_ORIGINS_WITH_SCHEME = []
CROSS_DOMAIN_CSRF_COOKIE_DOMAIN = ''
CROSS_DOMAIN_CSRF_COOKIE_NAME = ''

Expand Down
5 changes: 0 additions & 5 deletions lms/envs/production.py
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@
import os

import yaml
import django
from django.core.exceptions import ImproperlyConfigured
from edx_django_utils.plugins import add_plugins
from openedx_events.event_bus import merge_producer_configs
Expand Down Expand Up @@ -368,10 +367,6 @@ def get_env_setting(setting):

# Determines which origins are trusted for unsafe requests eg. POST requests.
CSRF_TRUSTED_ORIGINS = ENV_TOKENS.get('CSRF_TRUSTED_ORIGINS', [])
# values are already updated above with default CSRF_TRUSTED_ORIGINS values but in
# case of new django version these values will override.
if django.VERSION[0] >= 4: # for greater than django 3.2 use schemes.
CSRF_TRUSTED_ORIGINS = ENV_TOKENS.get('CSRF_TRUSTED_ORIGINS_WITH_SCHEME', [])

############# CORS headers for cross-domain requests #################

Expand Down
9 changes: 1 addition & 8 deletions lms/envs/test.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@
from uuid import uuid4

import openid.oidutil
import django
from django.utils.translation import gettext_lazy
from edx_django_utils.plugins import add_plugins
from path import Path as path
Expand Down Expand Up @@ -650,10 +649,4 @@
SURVEY_REPORT_ENABLE = True
ANONYMOUS_SURVEY_REPORT = False

CSRF_TRUSTED_ORIGINS = ['.example.com']
CSRF_TRUSTED_ORIGINS_WITH_SCHEME = ['https://*.example.com']

# values are already updated above with default CSRF_TRUSTED_ORIGINS values but in
# case of new django version these values will override.
if django.VERSION[0] >= 4: # for greater than django 3.2 use with schemes.
CSRF_TRUSTED_ORIGINS = CSRF_TRUSTED_ORIGINS_WITH_SCHEME
CSRF_TRUSTED_ORIGINS = ['https://*.example.com']

0 comments on commit 4e47069

Please sign in to comment.