mirror of
https://github.com/ChristianLight/tutor.git
synced 2024-12-12 06:07:56 +00:00
Add CORS config to LMS
By default, all subdomains of the LMS are allowed. For reference: https://enable-cors.org/server_nginx.html https://stackoverflow.com/questions/54313216/nginx-config-to-enable-cors-with-origin-matching
This commit is contained in:
parent
b1c7dab03e
commit
055c3cad3f
@ -4,6 +4,7 @@ Note: Breaking changes between versions are indicated by "💥".
|
|||||||
|
|
||||||
## Unreleased
|
## Unreleased
|
||||||
|
|
||||||
|
- [Improvement] Add CORS basic configuration to LMS for subdomains of the LMS
|
||||||
- [Feature] Add support for `images build --add-host` option (thanks @grinderz!)
|
- [Feature] Add support for `images build --add-host` option (thanks @grinderz!)
|
||||||
- [Bugfix] Fix podman compatibility by replacing `docker-compose rm` command by `docker-compose stop` when stopping containers
|
- [Bugfix] Fix podman compatibility by replacing `docker-compose rm` command by `docker-compose stop` when stopping containers
|
||||||
- [Improvement] Improve plugin data deletion
|
- [Improvement] Improve plugin data deletion
|
||||||
|
@ -12,6 +12,11 @@ server {
|
|||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
map $http_origin $allow_origin {
|
||||||
|
# Accept requests coming from all subdomains of the LMS host
|
||||||
|
~^{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://.*\.{{ LMS_HOST }}$ $http_origin;
|
||||||
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
{% if ACTIVATE_HTTPS %}listen 443 {{ "" if WEB_PROXY else "ssl" }};{% else %}listen 80;{% endif %}
|
{% if ACTIVATE_HTTPS %}listen 443 {{ "" if WEB_PROXY else "ssl" }};{% else %}listen 80;{% endif %}
|
||||||
server_name {{ LMS_HOST }} preview.{{ LMS_HOST }};
|
server_name {{ LMS_HOST }} preview.{{ LMS_HOST }};
|
||||||
@ -25,6 +30,13 @@ server {
|
|||||||
client_max_body_size 4M;
|
client_max_body_size 4M;
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
|
|
||||||
|
# CORS configuration
|
||||||
|
add_header 'Access-Control-Allow-Origin' '$allow_origin';
|
||||||
|
add_header 'Access-Control-Allow-Credentials' 'true';
|
||||||
|
# sampled from edx.org
|
||||||
|
add_header 'Access-Control-Allow-Headers' 'accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, use-jwt-cookie';
|
||||||
|
add_header 'Access-Control-Max-Age' 86400;
|
||||||
|
|
||||||
rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
|
rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
|
||||||
|
|
||||||
location @proxy_to_lms_app {
|
location @proxy_to_lms_app {
|
||||||
|
Loading…
Reference in New Issue
Block a user