support strict-mode requiring JWT on render req

drdrew42 · Sep 1, 2021 · a16ab00 · a16ab00
1 parent 8072c07
commit a16ab00
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/lib/RenderApp.pm b/lib/RenderApp.pm
@@ -43,7 +43,7 @@ sub startup {
 	$self->plugin('Config');
 	$self->plugin('TagHelpers');
 	$self->secrets($self->config('secrets'));
-	for ( qw(problemJWTsecret webworkJWTsecret baseURL formURL SITE_HOST MOJO_MODE) ) {
+	for ( qw(problemJWTsecret webworkJWTsecret baseURL formURL SITE_HOST MOJO_MODE STRICT_JWT) ) {
 		$ENV{$_} //= $self->config($_);
 	};
 

diff --git a/lib/RenderApp/Controller/Render.pm b/lib/RenderApp/Controller/Render.pm
@@ -8,7 +8,7 @@ use WeBWorK::Form;
 sub parseRequest {
   my $c = shift;
   my %params = WeBWorK::Form->new_from_paramable($c->req)->Vars;
-  if ($c->app->mode eq 'production' && !( defined $params{problemJWT} || defined $params{sessionJWT} )) {
+  if ($ENV{STRICT_JWT} && !( defined $params{problemJWT} || defined $params{sessionJWT} )) {
     $c->exception('Not allowed to request problems with raw data.', 403);
     return undef;
   }

diff --git a/render_app.conf.dist b/render_app.conf.dist
@@ -7,6 +7,7 @@
   SITE_HOST => 'http://localhost:3000',
   CORS_ORIGIN => '*',
   MOJO_MODE => 'development',
+  STRICT_JWT => 0,
   hypnotoad => {
     listen => ['http://*:3000'],
     accepts => 400,