Merge pull request #2876 from CredoReference/nginx-header-for-ie-high-privacy-mode

Prevent invalid display courseware in IE 10+ with high privacy settings

Merge pull request #2876 from CredoReference/nginx-header-for-ie-high-privacy-mode
Prevent invalid display courseware in IE 10+ with high privacy settings
3f647783 · Kevin Falcone · de7d5e40 · 38e4e3d2 · 3f647783 · 3f647783
Commit 3f647783 authored Apr 12, 2016 by Kevin Falcone
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/cms.j2
+3 -0

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/lms.j2
+4 -0

No files found.
--- a/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/cms.j2
+++ b/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/cms.j2
@@ -42,6 +42,9 @@ error_page {{ k }} {{ v }};
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
  {% endif %}

+  # Prevent invalid display courseware in IE 10+ with high privacy settings
+  add_header P3P 'CP="Open EdX does not have a P3P policy."';
+
  # Nginx does not support nested condition or or conditions so
  # there is an unfortunate mix of conditonals here.
  {% if NGINX_REDIRECT_TO_HTTPS %}

--- a/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/lms.j2
+++ b/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/lms.j2
@@ -62,6 +62,10 @@ error_page {{ k }} {{ v }};
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
  {% endif %}

+  # Prevent invalid display courseware in IE 10+ with high privacy settings
+  add_header P3P 'CP="Open EdX does not have a P3P policy."';
+
+
  # Nginx does not support nested condition or or conditions so
  # there is an unfortunate mix of conditonals here.
  {% if NGINX_REDIRECT_TO_HTTPS %}