Merge pull request #16574 from edx/jeskew/add_request_limits_for_django110

Add request limits to LMS/CMS Django settings.

Merge pull request #16574 from edx/jeskew/add_request_limits_for_django110
Add request limits to LMS/CMS Django settings.
ee36534f · John Eskew · GitHub · 2fbdb8f6 · 1bf74c7d · ee36534f
Unverified Commit ee36534f authored Nov 16, 2017 by John Eskew Committed by GitHub Nov 16, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 14 deletions

cms/envs/common.py
+5 -0

lms/envs/common.py
+5 -14

No files found.
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -1243,6 +1243,11 @@ ADVANCED_SECURITY_CONFIG = {}
 SHIBBOLETH_DOMAIN_PREFIX = 'shib:'
 OPENID_DOMAIN_PREFIX = 'openid:'

+# Set request limits for maximum size of a request body and maximum number of GET/POST parameters. (>=Django 1.10)
+# Limits are currently disabled - but can be used for finer-grained denial-of-service protection.
+DATA_UPLOAD_MAX_MEMORY_SIZE = None
+DATA_UPLOAD_MAX_NUMBER_FIELDS = None
+
 ### Size of chunks into which asset uploads will be divided
 UPLOAD_CHUNK_SIZE_IN_MB = 10


--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -643,6 +643,11 @@ AUTHENTICATION_BACKENDS = ['ratelimitbackend.backends.RateLimitModelBackend']
 STUDENT_FILEUPLOAD_MAX_SIZE = 4 * 1000 * 1000  # 4 MB
 MAX_FILEUPLOADS_PER_INPUT = 20

+# Set request limits for maximum size of a request body and maximum number of GET/POST parameters. (>=Django 1.10)
+# Limits are currently disabled - but can be used for finer-grained denial-of-service protection.
+DATA_UPLOAD_MAX_MEMORY_SIZE = None
+DATA_UPLOAD_MAX_NUMBER_FIELDS = None
+
 # Configuration option for when we want to grab server error pages
 STATIC_GRAB = False
 DEV_CONTENT = True
@@ -652,10 +657,6 @@ EDX_ROOT_URL = ''
 LOGIN_REDIRECT_URL = EDX_ROOT_URL + '/login'
 LOGIN_URL = EDX_ROOT_URL + '/login'

-COURSE_NAME = "6.002_Spring_2012"
-COURSE_NUMBER = "6.002x"
-COURSE_TITLE = "Circuits and Electronics"
-
 ### Dark code. Should be enabled in local settings for devel.

 ENABLE_MULTICOURSE = False  # set to False to disable multicourse display (see lib.util.views.edXhome)
@@ -664,16 +665,6 @@ WIKI_ENABLED = False

 ###

-COURSE_DEFAULT = '6.002x_Fall_2012'
-COURSE_SETTINGS = {
-    '6.002x_Fall_2012': {
-        'number': '6.002x',
-        'title': 'Circuits and Electronics',
-        'xmlpath': '6002x/',
-        'location': 'i4x://edx/6002xs12/course/6.002x_Fall_2012',
-    }
-}
-
 COURSE_MODE_DEFAULTS = {
    'bulk_sku': None,
    'currency': 'usd',