edx-platform icon indicating copy to clipboard operation
edx-platform copied to clipboard
verified publisher icon openedx

temp: add monitoring for cors_csfr utility

Open dwong2708 opened this issue 6 months ago • 15 comments

Description

This PR adds monitoring related to the cors_csrf utility to support the ongoing deprecation process, as outlined in this ticket: https://github.com/openedx/edx-platform/issues/33627#issuecomment-2891674624.

The goal is to identify all current usages of the cors_csrf functionality, as described in the linked comment, and move the deprecation process forward to the next phase: "transition unblocked."

The cors_csfr utility relies on two middlewares, one decorator, and one custom authentication class.

My working theory is as follows:

I suspect this utility is not widely used. If that’s the case, I’d like to identify all the Django views where it’s applied and examine the Referer and Host headers of incoming requests.

To verify this, I added custom attributes to the middleware and decorator—just for debugging purposes.

dwong2708 avatar Jun 09 '25 21:06 dwong2708