From 4e4706948fb97e7307cec043fabedba870c442f7 Mon Sep 17 00:00:00 2001 From: Muhammad Farhan Date: Tue, 22 Oct 2024 13:20:58 +0500 Subject: [PATCH] chore: Remove CSRF_TRUSTED_ORIGINS_WITH_SCHEMES variable --- cms/envs/common.py | 1 - cms/envs/production.py | 6 ------ lms/envs/common.py | 1 - lms/envs/production.py | 5 ----- lms/envs/test.py | 9 +-------- 5 files changed, 1 insertion(+), 21 deletions(-) diff --git a/cms/envs/common.py b/cms/envs/common.py index 00a384a359c6..5540b219d90c 100644 --- a/cms/envs/common.py +++ b/cms/envs/common.py @@ -875,7 +875,6 @@ CROSS_DOMAIN_CSRF_COOKIE_DOMAIN = '' CROSS_DOMAIN_CSRF_COOKIE_NAME = '' CSRF_TRUSTED_ORIGINS = [] -CSRF_TRUSTED_ORIGINS_WITH_SCHEME = [] #################### CAPA External Code Evaluation ############################# XQUEUE_WAITTIME_BETWEEN_REQUESTS = 5 # seconds diff --git a/cms/envs/production.py b/cms/envs/production.py index ad7667772f9a..627f82fcaec2 100644 --- a/cms/envs/production.py +++ b/cms/envs/production.py @@ -13,7 +13,6 @@ import warnings import yaml -import django from django.core.exceptions import ImproperlyConfigured from django.urls import reverse_lazy from edx_django_utils.plugins import add_plugins @@ -239,11 +238,6 @@ def get_env_setting(setting): # by end users. CSRF_COOKIE_SECURE = ENV_TOKENS.get('CSRF_COOKIE_SECURE', False) -# values are already updated above with default CSRF_TRUSTED_ORIGINS values but in -# case of new django version these values will override. -if django.VERSION[0] >= 4: # for greater than django 3.2 use schemes. - CSRF_TRUSTED_ORIGINS = ENV_TOKENS.get('CSRF_TRUSTED_ORIGINS_WITH_SCHEME', []) - #Email overrides MKTG_URL_LINK_MAP.update(ENV_TOKENS.get('MKTG_URL_LINK_MAP', {})) MKTG_URL_OVERRIDES.update(ENV_TOKENS.get('MKTG_URL_OVERRIDES', MKTG_URL_OVERRIDES)) diff --git a/lms/envs/common.py b/lms/envs/common.py index d74c28e75687..981b2ab47802 100644 --- a/lms/envs/common.py +++ b/lms/envs/common.py @@ -3403,7 +3403,6 @@ def _make_locale_paths(settings): # pylint: disable=missing-function-docstring # end users CSRF_COOKIE_SECURE = False CSRF_TRUSTED_ORIGINS = [] -CSRF_TRUSTED_ORIGINS_WITH_SCHEME = [] CROSS_DOMAIN_CSRF_COOKIE_DOMAIN = '' CROSS_DOMAIN_CSRF_COOKIE_NAME = '' diff --git a/lms/envs/production.py b/lms/envs/production.py index 6dc6be634178..7aebbf080bb3 100644 --- a/lms/envs/production.py +++ b/lms/envs/production.py @@ -22,7 +22,6 @@ import os import yaml -import django from django.core.exceptions import ImproperlyConfigured from edx_django_utils.plugins import add_plugins from openedx_events.event_bus import merge_producer_configs @@ -368,10 +367,6 @@ def get_env_setting(setting): # Determines which origins are trusted for unsafe requests eg. POST requests. CSRF_TRUSTED_ORIGINS = ENV_TOKENS.get('CSRF_TRUSTED_ORIGINS', []) -# values are already updated above with default CSRF_TRUSTED_ORIGINS values but in -# case of new django version these values will override. -if django.VERSION[0] >= 4: # for greater than django 3.2 use schemes. - CSRF_TRUSTED_ORIGINS = ENV_TOKENS.get('CSRF_TRUSTED_ORIGINS_WITH_SCHEME', []) ############# CORS headers for cross-domain requests ################# diff --git a/lms/envs/test.py b/lms/envs/test.py index a9e8aaf9f2e2..b5a06c40c56c 100644 --- a/lms/envs/test.py +++ b/lms/envs/test.py @@ -18,7 +18,6 @@ from uuid import uuid4 import openid.oidutil -import django from django.utils.translation import gettext_lazy from edx_django_utils.plugins import add_plugins from path import Path as path @@ -650,10 +649,4 @@ SURVEY_REPORT_ENABLE = True ANONYMOUS_SURVEY_REPORT = False -CSRF_TRUSTED_ORIGINS = ['.example.com'] -CSRF_TRUSTED_ORIGINS_WITH_SCHEME = ['https://*.example.com'] - -# values are already updated above with default CSRF_TRUSTED_ORIGINS values but in -# case of new django version these values will override. -if django.VERSION[0] >= 4: # for greater than django 3.2 use with schemes. - CSRF_TRUSTED_ORIGINS = CSRF_TRUSTED_ORIGINS_WITH_SCHEME +CSRF_TRUSTED_ORIGINS = ['https://*.example.com']