Skip to content

Commit

Permalink
fix: add missing CSRF configuration
Browse files Browse the repository at this point in the history
When introducing dynamic config[1], `CSRF_TOKEN_API_PATH` was removed
from the MFE build environment and not added to the corresponding Django
settings, leading to POST failures across the board.

This addresses the problem by adding `CSRF_TOKEN_API_PATH` back in.

[1] #69
Adolfo R. Brandes authored and arbrandes committed Dec 9, 2022
1 parent 5e2da85 commit 7e06203
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions tutormfe/patches/openedx-lms-development-settings
Original file line number Diff line number Diff line change
@@ -27,6 +27,7 @@ CSRF_TRUSTED_ORIGINS.append("{{ MFE_HOST }}:{{ app["port"] }}")
# https://openedx.github.io/frontend-platform/module-Config.html
MFE_CONFIG = {
"BASE_URL": "{{ MFE_HOST }}",
"CSRF_TOKEN_API_PATH": "/csrf/api/v1/token",
{%- if MFE_PROFILE_MFE_APP %}
"ACCOUNT_PROFILE_URL": "http://{{ MFE_HOST }}:{{ MFE_PROFILE_MFE_APP["port"] }}",
{%- endif %}
1 change: 1 addition & 0 deletions tutormfe/patches/openedx-lms-production-settings
Original file line number Diff line number Diff line change
@@ -24,6 +24,7 @@ ALLOWED_HOSTS.append("{{ MFE_HOST }}")
# Start of Dynamic config API settings
MFE_CONFIG = {
"BASE_URL": "{{ MFE_HOST }}",
"CSRF_TOKEN_API_PATH": "/csrf/api/v1/token",
{%- if MFE_PROFILE_MFE_APP %}
"ACCOUNT_PROFILE_URL": "{% if ENABLE_HTTPS %}https://{% else %}http://{% endif %}{{ MFE_HOST }}/{{ MFE_PROFILE_MFE_APP["name"] }}",
{%- endif %}

0 comments on commit 7e06203

Please sign in to comment.