From d5a7d3a1193e033d1f68337cdb675b8bf4a7c6a1 Mon Sep 17 00:00:00 2001 From: Braden MacDonald Date: Wed, 20 Mar 2024 07:05:09 -0700 Subject: [PATCH] fix(library-authoring): the MFE was not on the CSRF allowlist (#22) --- .../patches/openedx-cms-development-settings | 1 + .../patches/openedx-cms-production-settings | 1 + 2 files changed, 2 insertions(+) diff --git a/plugins/tutor-contrib-library-authoring-mfe/tutor_library_authoring_mfe/patches/openedx-cms-development-settings b/plugins/tutor-contrib-library-authoring-mfe/tutor_library_authoring_mfe/patches/openedx-cms-development-settings index b0d977a..81e7ade 100644 --- a/plugins/tutor-contrib-library-authoring-mfe/tutor_library_authoring_mfe/patches/openedx-cms-development-settings +++ b/plugins/tutor-contrib-library-authoring-mfe/tutor_library_authoring_mfe/patches/openedx-cms-development-settings @@ -1,3 +1,4 @@ LIBRARY_AUTHORING_MICROFRONTEND_URL = "http://{{ MFE_HOST }}:{{ get_mfe('library-authoring')['port'] }}/library-authoring/" CORS_ORIGIN_WHITELIST.append("http://{{ MFE_HOST }}:{{ get_mfe('library-authoring')['port'] }}") LOGIN_REDIRECT_WHITELIST.append("{{ MFE_HOST }}:{{ get_mfe('library-authoring')['port'] }}") +CSRF_TRUSTED_ORIGINS.append("http://{{ MFE_HOST }}:{{ get_mfe('library-authoring')['port'] }}") diff --git a/plugins/tutor-contrib-library-authoring-mfe/tutor_library_authoring_mfe/patches/openedx-cms-production-settings b/plugins/tutor-contrib-library-authoring-mfe/tutor_library_authoring_mfe/patches/openedx-cms-production-settings index be68c6d..5d0bc14 100644 --- a/plugins/tutor-contrib-library-authoring-mfe/tutor_library_authoring_mfe/patches/openedx-cms-production-settings +++ b/plugins/tutor-contrib-library-authoring-mfe/tutor_library_authoring_mfe/patches/openedx-cms-production-settings @@ -1,3 +1,4 @@ LIBRARY_AUTHORING_MICROFRONTEND_URL = "{% if ENABLE_HTTPS %}https://{% else %}http://{% endif %}{{ MFE_HOST }}/library-authoring/" CORS_ORIGIN_WHITELIST.append("{% if ENABLE_HTTPS %}https://{% else %}http://{% endif %}{{ MFE_HOST }}") LOGIN_REDIRECT_WHITELIST.append("{{ MFE_HOST }}") +CSRF_TRUSTED_ORIGINS.append("{% if ENABLE_HTTPS %}https://{% else %}http://{% endif %}{{ MFE_HOST }}")