Eri/rebase mango master #780
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Backported from master commit 96b2162/PR #29667
Backport of commit b51f65d from master/ PR #30051
fix: Backport some required changes to the CI workflow
ARCHBOM-2073 Backported from master commit 7c7d7d8/PR #30112.
The versions of pylint are different on master and Maple; pylint 2.11 stops complaining about this line. Just disable the check for the backported code.
The only use is a GET request in admin portal so this view need not be post/put friendly right now. It may actually get removed in an upcoming iteration, or stay readonly. Fixes: SEC-1418 Backported from 283141a
Previously, our rate-limiting code trusted the entire `X-Forwarded-For` header, allowing a malicious client to spoof that header and evade rate-limiting. This commit introduces a new module and setting allowing us to make a more conservative choice of IPs. - Create new `openedx.core.djangoapps.util.ip` module for producing the IP "external chain" for requests based on the XFF header and the REMOTE_ADDR. - Include a function that gives the safest choice of IPs. - Add new setting `CLOSEST_CLIENT_IP_FROM_HEADERS` for configuring how the external chain is derived (i.e. setting the trust boundary). Currently has a default, but we may want to make it mandatory in the future. - Change `django-ratelimit` code to use the proximate IP in the external chain -- the one just outside the trust boundary. Also: - Change `XForwardedForMiddleware` to use more conservative choice for its `REMOTE_ADDR` override - Other adjustments to `XForwardedForMiddleware` as needed in order to initialize new module and support code that needs the real `REMOTE_ADDR` value - Metrics for observability into the change (and XFF composition) - Feature switch to restore legacy mode if needed This also gives us a path forward to removing use of the django-ipware package, which is no longer maintained and has a handful of bugs that make it difficult to use safely. Internal ticket: ARCHBOM-2056 Backported from a251d18
The logic here seems to work, but Django 4.0 won't install over our other pinned requirements, so tests fail for Django 4.0. (cherry picked from commit e7caec5)
Implements a feature flag DISABLE_UNENROLLMENT that is used to disable students un-enrollment for all courses. The Unenrollment option should be disabled when this feature is set to True. ref: BB-4951 Co-authored-by: tinumide <[email protected]> Co-authored-by: Tim McCormack <[email protected]> (cherry picked from commit da4a6d6)
The target URL on logout page is marked as safe while rendering and making the page volunerable to Cross-site scripting vulnerability. Rendered the target variable outside safe HTML so that it should be treated as text. VAN-972
…ng assets (#30309) * fix: Pin npm package @edx/studio-frontend to 1.17.0 * fix: pin npm package @edx/studio-frontend to 1.17.0 to fix missing assets issue * fix: Update npm package @edx/studio-frontend to 1.19.1 * fix: run npm install * fix: recreate package-lock.json
fix: get CELERY_RESULT_BACKEND from ENV_TOKENS
[BACKPORT] fixup! feat: options for excluding courses from search (#28518)
Backport filters that didn't make it to nutmeg release: * Add filter before certificate creation starts - Add filters interactions with code that used generate_certificate_task - Add unit-testing for filters - Upgrade to latest library update (cherry picked from commit e8fa890) * Add cohort change filter before moving users from cohorts (cherry picked from commit 465e5c0) * Add filter before certificate rendering process starts (cherry picked from commit 7f974d1) * Add filter before course dashboard rendering process starts - Add dashboard filter to dashboard student's view - Add tests/docs for filter's integration (cherry picked from commit 895a649) * Add filter before course about rendering process starts (cherry picked from commit ccfa0b4) * Integrate cohort assignment filter definition to cohort model (cherry picked from commit ec69659)
* Add PreEnrollmentFilter * Add PreRegisterFilter * Add PreLoginFilter
feat: backport filters
feat: backport HomepageRenderStarted and CatalogRenderStarted filters
…lters DS-228-backport HomepageRenderStarted and CatalogRenderStarted filters
These changes should improve the performance caused by the file I/O when it's running in docker, using lru_cache to save thousands of calls to listdir when running with a handful of themes defined in COMPREHENSIVE_THEME_DIRS.
…-xblock fix: update xblock-drag-and-drop for a high level security alert
Merge pull request #32032 from raccoongang/sagirov/tCRIL_GA-18 [FC-0014] Add GA 4 support to edX platform Co-authored-by: Brian Mesick <[email protected]>
(cherry picked from commit 4f62355)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Rebase mango.master from cag/temporary-ceibal