Fix: enrollment overlay in Django 4.0.x (#793)

angela-tran · web-flow · commit 3733404cacf3 · 2022-07-18T17:16:25.000-05:00
diff --git a/benefits/settings.py b/benefits/settings.py
@@ -114,6 +114,10 @@ def _filter_empty(ls):
 
 SECURE_BROWSER_XSS_FILTER = True
 
+# required so that cross-origin pop-ups (like the enrollment overlay) have access to parent window context
+# https://github.com/cal-itp/benefits/pull/793
+SECURE_CROSS_ORIGIN_OPENER_POLICY = "same-origin-allow-popups"
+
 # the NGINX reverse proxy sits in front of the application in deployed environments
 # SSL terminates before getting to Django, and NGINX adds this header to indicate
 # if the original request was secure or not
diff --git a/requirements.txt b/requirements.txt
@@ -1,5 +1,5 @@
 Authlib==1.0.1
-Django==3.2.14
+Django==4.0.6
 django-csp==3.7
 git+https://github.com/cal-itp/eligibility-api#egg=eligibility_api
 gunicorn==20.1.0
