security: use http proxy for requests

appsembler / xblock-grade-fetcher

Grade Fetcher XBlock

MIT License

2 stars 1 forks source link

security: use http proxy for requests #22

Closed amirtds closed 2 years ago

amirtds commented 2 years ago

Change description

Proxy all Grade Fetcher XBlock calls to prevent internal calls to localhost:18000 or other services. We should add something like the following to the site settings in Django admin:

EDXAPP_XBLOCK_SETTINGS:
  GRADEFETCHER:
    proxies:
      - https: "https:/my-proxy.com:8090"
      - http: "http:/my-proxy.com:8090"

amirtds commented 2 years ago

please add tests, otherwise the fixes are good

Sure, I'm focusing on the unit tests to have them ready for your review.