From 055c3cad3f8d1acd6934e82983349e27558771a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Behmo?=
Date: Fri, 4 Sep 2020 22:51:40 +0200
Subject: [PATCH] Add CORS config to LMS

By default, all subdomains of the LMS are allowed.

For reference:
https://enable-cors.org/server_nginx.html
https://stackoverflow.com/questions/54313216/nginx-config-to-enable-cors-with-origin-matching
---
 CHANGELOG.md                        |  1 +
 tutor/templates/apps/nginx/lms.conf | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5a87ed7..2e36726 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@ Note: Breaking changes between versions are indicated by "💥".
 
 ## Unreleased
 
+- [Improvement] Add CORS basic configuration to LMS for subdomains of the LMS
 - [Feature] Add support for `images build --add-host` option (thanks @grinderz!)
 - [Bugfix] Fix podman compatibility by replacing `docker-compose rm` command by `docker-compose stop` when stopping containers
 - [Improvement] Improve plugin data deletion
diff --git a/tutor/templates/apps/nginx/lms.conf b/tutor/templates/apps/nginx/lms.conf
index a415a67..42f8eca 100644
--- a/tutor/templates/apps/nginx/lms.conf
+++ b/tutor/templates/apps/nginx/lms.conf
@@ -12,6 +12,11 @@ server {
 }
 {% endif %}
 
+map $http_origin $allow_origin {
+  # Accept requests coming from all subdomains of the LMS host
+  ~^{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://.*\.{{ LMS_HOST }}$ $http_origin;
+}
+
 server {
   {% if ACTIVATE_HTTPS %}listen 443 {{ "" if WEB_PROXY else "ssl" }};{% else %}listen 80;{% endif %}
   server_name {{ LMS_HOST }} preview.{{ LMS_HOST }};
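Review bot: `{{ LMS_HOST }}` is spliced into the `map` regex unescaped, so every dot in the host name matches any character; with a host like `lms.example.com` (constructed example) the pattern also accepts an origin such as `https://evil.lms-example.com`, and the reflected `$http_origin` then becomes the allowed origin. Escape the metacharacters before interpolation, e.g. `~^{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://.*\.{{ LMS_HOST | replace(".", "\\.") }}$ $http_origin;`. The `.*` also admits subdomains of any depth, which together with the credentialed response in the next hunk means every host under the LMS domain (including stale or dangling DNS records) gets credentialed cross-origin access; that trade-off is worth stating in the comment above the rule. An origin carrying an explicit port will not match this pattern, which may be intended but is not documented.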
@@ -25,8 +30,15 @@ server {
   client_max_body_size 4M;
   server_tokens off;
 
+  # CORS configuration
+  add_header 'Access-Control-Allow-Origin' '$allow_origin';
+  add_header 'Access-Control-Allow-Credentials' 'true';
+  # sampled from edx.org
+  add_header 'Access-Control-Allow-Headers' 'accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, use-jwt-cookie';
+  add_header 'Access-Control-Max-Age' 86400;
+
   rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
-
+
   location @proxy_to_lms_app {
     {% if not WEB_PROXY %}
     proxy_set_header X-Forwarded-Proto $scheme;
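Review bot: The response now depends on the request origin (`$allow_origin` is reflected into `Access-Control-Allow-Origin`) but no `Vary: Origin` is emitted, so a proxy cache or CDN in front of nginx can serve a response carrying one subdomain's origin to a different origin; add `add_header 'Vary' 'Origin';` alongside the other headers. Keep in mind that nginx `add_header` is inherited by a `location` only when that location declares no `add_header` of its own, and without `always` it is applied only to 2xx/3xx responses, so error responses or a location with its own headers would go out without these CORS headers; `location @proxy_to_lms_app` starts at the end of this hunk and its body is outside the hunk, so that cannot be confirmed here. If the upstream application also sets `Access-Control-Allow-Origin`, `add_header` appends rather than replaces and browsers reject the duplicated header, so the two sources should be checked for overlap. The `Allow-Credentials` line deserves a comment along the lines of `# credentialed access is granted to every subdomain matched by $allow_origin`, since the consequence is not obvious from the directive alone.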