2.4.5: minor fixes to recent releases
robrap
released this
12 Nov 17:33
- restore public api toggle constants
- add permission of AllowAny to the csrf endpoint
The toggle constants for oauth scopes are used outside of
edx-drf-extensions (in edx-platform), so these constants must survive
and stay separate. NOTE: This problem was introduced in 2.4.2 while
edx-platform remained on 2.4.0. This will be fixed in edx-platform
while upgrading.
This fixes a csrf endpoint bug introduced into the 2.4.3 release,
where an IDA that had a default permission of DjangoModelPermissions
would start failing on this endpoint.
ARCH-1269