Commits · 5b7f48c5ed6c386570a194c6d0539430af3c0c38 · edx / edx-platform

28 Sep, 2015 2 commits

Revert "Merge DRF 3.1 in to master" · 2fd6add5
Ben Patterson committed 9 years ago

2fd6add5 Browse Directory

Upgrade djangorestframework to v3.1 · d11ccad0

* Upgrade edx-submissions
* Upgrade edx-ora2
* Upgrade edx-val
* Upgrade edx-proctoring
* Update all edx-platform code that depends on DRF, including:
  - auth_exchange
  - cors_csrf
  - embargo
  - enrollment
  - util
  - commerce
  - course_structure
  - discussion_api
  - mobile_api
  - notifier_api
  - teams
  - credit
  - profile_images
  - user_api
  - lib/api (OAuth2 and pagination)

committed 9 years ago

d11ccad0 Browse Directory

25 Sep, 2015 1 commit

Upgrade djangorestframework to v3.1 · 8555630d

* Upgrade edx-submissions
* Upgrade edx-ora2
* Upgrade edx-val
* Upgrade edx-proctoring
* Update all edx-platform code that depends on DRF, including:
  - auth_exchange
  - cors_csrf
  - embargo
  - enrollment
  - util
  - commerce
  - course_structure
  - discussion_api
  - mobile_api
  - notifier_api
  - teams
  - credit
  - profile_images
  - user_api
  - lib/api (OAuth2 and pagination)

committed 9 years ago

8555630d Browse Directory

03 Apr, 2015 1 commit

Add proxy to allow IE9 to make xdomain requests · 645f9c2c

Adds an /xdomain_proxy.html endpoint that serves
the proxy file from the xdomain library.  This
allows IE9 users to iframe in the proxy page
to simulate a cross-domain request with cookies.

committed 9 years ago

645f9c2c Browse Directory

01 Apr, 2015 1 commit

Add proxy to allow IE9 to make xdomain requests · fcc5b1e3

Adds an /xdomain_proxy.html endpoint that serves
the proxy file from the xdomain library.  This
allows IE9 users to iframe in the proxy page
to simulate a cross-domain request with cookies.

committed 9 years ago

fcc5b1e3 Browse Directory

18 Mar, 2015 1 commit
- Merge release to master for 20150317 release. · 243e2660
  Brian Wilson committed 9 years ago
  
  243e2660 Browse Directory
16 Mar, 2015 1 commit

Skip CSRF referer check for cross-domain requests. · b625e8e3

This commit extends the workaround in `cors_csrf` middleware
to Django Rest Framework's SessionAuthentication, which
calls Django's CSRF middleware directly.

The workaround checks the cross domain whitelist and
skips the CSRF referer check for domains on the whitelist.

committed 9 years ago

b625e8e3 Browse Directory

11 Mar, 2015 1 commit

Cross-domain CSRF cookies · a5a303ae

When configured, set an additional cookie with the CSRF
token for use by subdomains.

The cookie can have a different name than the default
CSRF cookie, preventing conflicts between cookies
from different domains (e.g. ".edx.org", "courses.edx.org",
and "edge.edx.org").

The new cookie is included only on the enrollment API
views so that the scope of this change is limited
to the end-points that require cross-domain POST requests.

committed 10 years ago

a5a303ae Browse Directory

09 Mar, 2015 1 commit

Cross-domain CSRF cookies · cbdc269b

When configured, set an additional cookie with the CSRF
token for use by subdomains.

The cookie can have a different name than the default
CSRF cookie, preventing conflicts between cookies
from different domains (e.g. ".edx.org", "courses.edx.org",
and "edge.edx.org").

The new cookie is included only on the enrollment API
views so that the scope of this change is limited
to the end-points that require cross-domain POST requests.

committed 10 years ago

cbdc269b Browse Directory