From 3e32f88c15d2a92f2051d854e5719cd0caac3662 Mon Sep 17 00:00:00 2001
From: "Adolfo R. Brandes"
Date: Fri, 18 Nov 2022 08:56:47 -0300
Subject: [PATCH] feat: common CORS settings for LMS and CMS

The ENABLE_CORS_HEADERS feature flag is already true for the LMS. Instead of duplicating it for Studio via yaml settings, make this a common Django setting to both LMS and CMS and all their environments.
---
 CHANGELOG.md | 2 ++
 tutor/templates/apps/openedx/config/lms.env.yml | 1 -
 .../apps/openedx/settings/partials/common_all.py | 13 ++++++++++---
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8dc4a36..59fb3cf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,8 @@ Every user-facing change should have an entry in this changelog. Please respect
 ## Unreleased
+- [Improvement] Enable CORS by default for both LMS and CMS by moving those settings to the `common_all` partial. (by @arbrandes)
+
 ## v14.2.0 (2022-11-21)
 - [Improvement] Auto-complete implicit `local/dev --mount /path/to/...` options. (by @regisb)
diff --git a/tutor/templates/apps/openedx/config/lms.env.yml b/tutor/templates/apps/openedx/config/lms.env.yml
index 53d320e..81fcef8 100644
--- a/tutor/templates/apps/openedx/config/lms.env.yml
+++ b/tutor/templates/apps/openedx/config/lms.env.yml
@@ -9,7 +9,6 @@ FEATURES:
 {{ patch("lms-env-features")|indent(2) }}
 CERTIFICATES_HTML_VIEW: true
 PREVIEW_LMS_BASE: "{{ PREVIEW_LMS_HOST }}"
- ENABLE_CORS_HEADERS: true
 ENABLE_COURSE_DISCOVERY: true
 ENABLE_COURSEWARE_SEARCH: true
 ENABLE_CSMH_EXTENDED: false
diff --git a/tutor/templates/apps/openedx/settings/partials/common_all.py b/tutor/templates/apps/openedx/settings/partials/common_all.py
index 68fbec4..7f4368d 100644
--- a/tutor/templates/apps/openedx/settings/partials/common_all.py
+++ b/tutor/templates/apps/openedx/settings/partials/common_all.py
@@ -65,9 +65,6 @@ DATABASE_ROUTERS.remove(
 # Set uploaded media file path
 MEDIA_ROOT = "/openedx/media/"
-# Add your MFE and third-party app domains here
-CORS_ORIGIN_WHITELIST = []
-
 # Video settings
 VIDEO_IMAGE_SETTINGS["STORAGE_KWARGS"]["location"] = MEDIA_ROOT
 VIDEO_TRANSCRIPTS_SETTINGS["STORAGE_KWARGS"]["location"] = MEDIA_ROOT
@@ -160,6 +157,16 @@ JWT_AUTH["JWT_ISSUERS"] = [
 # Enable/Disable some features globally
 FEATURES["ENABLE_DISCUSSION_SERVICE"] = False
 FEATURES["PREVENT_CONCURRENT_LOGINS"] = False
+FEATURES["ENABLE_CORS_HEADERS"] = True
+
+# CORS
+CORS_ALLOW_CREDENTIALS = True
+CORS_ORIGIN_ALLOW_ALL = False
+CORS_ALLOW_INSECURE = {% if ENABLE_HTTPS %}False{% else %}True{% endif %}
+CORS_ALLOW_HEADERS = corsheaders_default_headers + ('use-jwt-cookie',)
+
+# Add your MFE and third-party app domains here
+CORS_ORIGIN_WHITELIST = []
 # Disable codejail support
 # explicitely configuring python is necessary to prevent unsafe calls
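Review bot: `CORS_ALLOW_CREDENTIALS = True` in the second hunk now applies to the CMS as well as the LMS, so any origin later appended to `CORS_ORIGIN_WHITELIST` can make cookie-authenticated cross-origin requests to Studio too, yet the comment above the whitelist still only says to add MFE and third-party domains. I would reword it to state the trust being granted, for example `# Origins listed here get credentialed cross-origin access to both LMS and CMS; add only origins you fully trust`, and add a one-line comment on `CORS_ALLOW_INSECURE` saying it is relaxed only when `ENABLE_HTTPS` is off. Separately, `corsheaders_default_headers` is not defined in any visible hunk, so this partial presumably relies on every settings module that includes it (LMS and CMS, each environment) already having that name in scope. If that is not guaranteed, settings import would fail with a NameError, and a local `from corsheaders.defaults import default_headers as corsheaders_default_headers` beside the CORS block would remove the dependency. The settings module continues outside both hunks, so whether anything between the old and new position of `CORS_ORIGIN_WHITELIST = []` reads or appends to the list cannot be confirmed from here.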