- 18 Mar, 2015 1 commit
Brian Wilson committed
-
- 16 Mar, 2015 1 commit
This commit extends the workaround in `cors_csrf` middleware to Django Rest Framework's SessionAuthentication, which calls Django's CSRF middleware directly. The workaround checks the cross domain whitelist and skips the CSRF referer check for domains on the whitelist.
Will Daly committed
-
- 11 Mar, 2015 2 commits
Will Daly committed
-
When configured, set an additional cookie with the CSRF token for use by subdomains. The cookie can have a different name than the default CSRF cookie, preventing conflicts between cookies from different domains (e.g. ".edx.org", "courses.edx.org", and "edge.edx.org"). The new cookie is included only on the enrollment API views so that the scope of this change is limited to the end-points that require cross-domain POST requests.
Will Daly committed
-
- 09 Mar, 2015 1 commit
When configured, set an additional cookie with the CSRF token for use by subdomains. The cookie can have a different name than the default CSRF cookie, preventing conflicts between cookies from different domains (e.g. ".edx.org", "courses.edx.org", and "edge.edx.org"). The new cookie is included only on the enrollment API views so that the scope of this change is limited to the end-points that require cross-domain POST requests.
Will Daly committed
-
- 17 Feb, 2015 1 commit
xblock-external-ui: Alternate referer check for CORS requests
xblock-external-ui: Allow to disable httponly on session cookies
xblock-external-ui: Add a unit test for CorsCSRFMiddleware
Xavier Antoviaque committed