christianlight
/
tutor
mirror of https://github.com/ChristianLight/tutor.git
7
0
Fork 0
Code Issues Releases Activity

Simplify CORS configuration 

CORS headers are no longer handled by nginx, but directly by the LMS.
This makes it possible by 3rd-party apps to easily add domain names to
the CORS whitelist, even when they are not subdomains of the LMS.
This commit is contained in:
Régis Behmo 2020-10-13 13:34:12 +02:00
parent 9f94a12c7d
commit 2f7742b099
4 changed files with 8 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -2,6 +2,10 @@
Note: Breaking changes between versions are indicated by "💥".
## Unreleased
- 💥[Improvement] Simplify CORS configuration
## v10.2.4 (2020-10-06)
- [Bugfix] Fix Apache proxy configuration when HTTPS is enabled (#370)

12
tutor/templates/apps/nginx/lms.conf
View File

@ -12,11 +12,6 @@ server {
}
{% endif %}
map $http_origin $allow_origin {
# Accept requests coming from all subdomains of the LMS host
~^{% if ACTIVATE_HTTPS %}https{% else %}http{% endif %}://.*\.{{ LMS_HOST }}$ $http_origin;
}
server {
{% if ACTIVATE_HTTPS %}listen 443 {{ "" if WEB_PROXY else "ssl" }};{% else %}listen 80;{% endif %}
server_name {{ LMS_HOST }} preview.{{ LMS_HOST }};
@ -30,13 +25,6 @@ server {
client_max_body_size 4M;
server_tokens off;
# CORS configuration
add_header 'Access-Control-Allow-Origin' '$allow_origin';
add_header 'Access-Control-Allow-Credentials' 'true';
# sampled from edx.org
add_header 'Access-Control-Allow-Headers' 'accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, use-jwt-cookie';
add_header 'Access-Control-Max-Age' 86400;
rewrite ^(.*)/favicon.ico$ /static/images/favicon.ico last;
location @proxy_to_lms_app {

1
tutor/templates/apps/openedx/config/lms.env.json
View File

@ -10,6 +10,7 @@
{{ patch("lms-env-features", separator=",\n", suffix=",")|indent(4) }}
"CERTIFICATES_HTML_VIEW": true,
"PREVIEW_LMS_BASE": "preview.{{ LMS_HOST }}",
"ENABLE_CORS_HEADERS": true,
"ENABLE_COURSE_DISCOVERY": true,
"ENABLE_COURSEWARE_SEARCH": true,
"ENABLE_CSMH_EXTENDED": false,

3
tutor/templates/apps/openedx/settings/partials/common_all.py
View File

@ -30,6 +30,9 @@ DATABASE_ROUTERS.remove(
# Set uploaded media file path
MEDIA_ROOT = "/openedx/media/"
# Add your MFE and third-party app domains here
CORS_ORIGIN_WHITELIST = []
# Video settings
VIDEO_IMAGE_SETTINGS["STORAGE_KWARGS"]["location"] = MEDIA_ROOT
VIDEO_TRANSCRIPTS_SETTINGS["STORAGE_KWARGS"]["location"] = MEDIA_ROOT