Fix: enrollment overlay in Django 4.0.x (#793)

cal-itp · Jul 18, 2022 · 3733404 · 3733404
2 parents c9615f6 + 9ed26ad
commit 3733404
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/benefits/settings.py b/benefits/settings.py
@@ -114,6 +114,10 @@ def _filter_empty(ls):
 
 SECURE_BROWSER_XSS_FILTER = True
 
+# required so that cross-origin pop-ups (like the enrollment overlay) have access to parent window context
+# https://github.com/cal-itp/benefits/pull/793
+SECURE_CROSS_ORIGIN_OPENER_POLICY = "same-origin-allow-popups"
+
 # the NGINX reverse proxy sits in front of the application in deployed environments
 # SSL terminates before getting to Django, and NGINX adds this header to indicate
 # if the original request was secure or not

diff --git a/requirements.txt b/requirements.txt
@@ -1,5 +1,5 @@
 Authlib==1.0.1
-Django==3.2.14
+Django==4.0.6
 django-csp==3.7
 git+https://github.com/cal-itp/eligibility-api#egg=eligibility_api
 gunicorn==20.1.0