Merge pull request #1894 from edx/will/cross-domain-csrf-cookie

Add settings for the cross-domain CSRF cookie

Merge pull request #1894 from edx/will/cross-domain-csrf-cookie
Add settings for the cross-domain CSRF cookie
4253f61f · Will Daly · b348398e · 8b754c35 · 4253f61f
Commit 4253f61f authored Mar 11, 2015 by Will Daly
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

playbooks/roles/edxapp/defaults/main.yml
+6 -0

No files found.
--- a/playbooks/roles/edxapp/defaults/main.yml
+++ b/playbooks/roles/edxapp/defaults/main.yml
@@ -165,6 +165,7 @@ EDXAPP_FEATURES:
  ENABLE_DISCUSSION_HOME_PANEL: true
  ENABLE_COMBINED_LOGIN_REGISTRATION: true
  ENABLE_CORS_HEADERS: false
+  ENABLE_CROSS_DOMAIN_CSRF_COOKIE: false
  ENABLE_COUNTRY_ACCESS: false
  ENABLE_VIDEO_BEACON: false

@@ -416,6 +417,9 @@ EDXAPP_VIDEO_UPLOAD_PIPELINE:

 EDXAPP_CORS_ORIGIN_WHITELIST: []
 EDXAPP_CORS_ORIGIN_ALLOW_ALL: false
+EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_DOMAIN: ""
+EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_NAME: ""
+
 # Video Beacon Settings
 CDN_VIDEO_URLS: {}
 PERFORMANCE_GRAPHITE_URL: 'SetPerformanceGraphiteHostName'
@@ -613,6 +617,8 @@ generic_cache_config: &default_generic_cache
 generic_env_config:  &edxapp_generic_env
  CORS_ORIGIN_WHITELIST: "{{ EDXAPP_CORS_ORIGIN_WHITELIST }}"
  CORS_ORIGIN_ALLOW_ALL: $EDXAPP_CORS_ORIGIN_ALLOW_ALL
+  CROSS_DOMAIN_CSRF_COOKIE_DOMAIN: "{{ EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_DOMAIN }}"
+  CROSS_DOMAIN_CSRF_COOKIE_NAME: "{{ EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_NAME }}"
  VIDEO_UPLOAD_PIPELINE: "{{ EDXAPP_VIDEO_UPLOAD_PIPELINE }}"
  DEPRECATED_ADVANCED_COMPONENT_TYPES: "{{ EDXAPP_DEPRECATED_ADVANCED_COMPONENT_TYPES }}"
  OAUTH_OIDC_ISSUER: "https://{{ EDXAPP_LMS_BASE }}/oauth2"