mirror of
https://github.com/ChristianLight/tutor.git
synced 2024-12-11 21:57:59 +00:00
Add CORS config to LMS
By default, all subdomains of the LMS are allowed. For reference: https://enable-cors.org/server_nginx.html https://stackoverflow.com/questions/54313216/nginx-config-to-enable-cors-with-origin-matching
This commit is contained in:
parent
b1c7dab03e
commit
055c3cad3f
@ -4,6 +4,7 @@ Note: Breaking changes between versions are indicated by "💥".
|
||||
|
||||
## Unreleased
|
||||
|
||||
- [Improvement] Add CORS basic configuration to LMS for subdomains of the LMS
|
||||
- [Feature] Add support for `images build --add-host` option (thanks @grinderz!)
|
||||
- [Bugfix] Fix podman compatibility by replacing `docker-compose rm` command by `docker-compose stop` when stopping containers
|
||||
- [Improvement] Improve plugin data deletion
|
||||
|
@ -12,6 +12,11 @@ server {
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
map $http_origin $allow_origin {
|
||||
# Accept requests coming from all subdomains of the LMS host
|
||||
~^{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://.*\.{{ LMS_HOST }}$ $http_origin;
|
||||
}
|
||||
|
||||
server {
|
||||
{% if ACTIVATE_HTTPS %}listen 443 {{ "" if WEB_PROXY else "ssl" }};{% else %}listen 80;{% endif %}
|
||||
server_name {{ LMS_HOST }} preview.{{ LMS_HOST }};
|
||||
@ -25,8 +30,15 @@ server {
|
||||
client_max_body_size 4M;
|
||||
server_tokens off;
|
||||
|
||||
# CORS configuration
|
||||
add_header 'Access-Control-Allow-Origin' '$allow_origin';
|
||||
add_header 'Access-Control-Allow-Credentials' 'true';
|
||||
# sampled from edx.org
|
||||
add_header 'Access-Control-Allow-Headers' 'accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, use-jwt-cookie';
|
||||
add_header 'Access-Control-Max-Age' 86400;
|
||||
|
||||
rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
|
||||
|
||||
|
||||
location @proxy_to_lms_app {
|
||||
{% if not WEB_PROXY %}
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
Loading…
Reference in New Issue
Block a user