6
0
mirror of https://github.com/ChristianLight/tutor.git synced 2024-12-12 06:07:56 +00:00

Add CORS config to LMS

By default, all subdomains of the LMS are allowed.

For reference:
https://enable-cors.org/server_nginx.html
https://stackoverflow.com/questions/54313216/nginx-config-to-enable-cors-with-origin-matching
This commit is contained in:
Régis Behmo 2020-09-04 22:51:40 +02:00
parent b1c7dab03e
commit 055c3cad3f
2 changed files with 14 additions and 1 deletions

View File

@ -4,6 +4,7 @@ Note: Breaking changes between versions are indicated by "💥".
## Unreleased
- [Improvement] Add CORS basic configuration to LMS for subdomains of the LMS
- [Feature] Add support for `images build --add-host` option (thanks @grinderz!)
- [Bugfix] Fix podman compatibility by replacing `docker-compose rm` command by `docker-compose stop` when stopping containers
- [Improvement] Improve plugin data deletion

View File

@ -12,6 +12,11 @@ server {
}
{% endif %}
map $http_origin $allow_origin {
# Accept requests coming from all subdomains of the LMS host
~^{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://.*\.{{ LMS_HOST }}$ $http_origin;
}
server {
{% if ACTIVATE_HTTPS %}listen 443 {{ "" if WEB_PROXY else "ssl" }};{% else %}listen 80;{% endif %}
server_name {{ LMS_HOST }} preview.{{ LMS_HOST }};
@ -25,6 +30,13 @@ server {
client_max_body_size 4M;
server_tokens off;
# CORS configuration
add_header 'Access-Control-Allow-Origin' '$allow_origin';
add_header 'Access-Control-Allow-Credentials' 'true';
# sampled from edx.org
add_header 'Access-Control-Allow-Headers' 'accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, use-jwt-cookie';
add_header 'Access-Control-Max-Age' 86400;
rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
location @proxy_to_lms_app {