credentials: add CORS header for static in nginx

91be82f9 · jsa · ebfc5215 · 91be82f9 · 91be82f9
Commit 91be82f9 authored Mar 10, 2016 by jsa
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

playbooks/roles/credentials/defaults/main.yml
+4 -0

playbooks/roles/credentials/templates/edx/app/nginx/sites-available/credentials.j2
+5 -0

No files found.
--- a/playbooks/roles/credentials/defaults/main.yml
+++ b/playbooks/roles/credentials/defaults/main.yml
@@ -46,6 +46,7 @@ CREDENTIALS_CACHES:
    LOCATION: '{{ CREDENTIALS_MEMCACHE }}'

 CREDENTIALS_DJANGO_SETTINGS_MODULE: "credentials.settings.production"
+CREDENTIALS_DOMAIN: 'credentials.example.com'
 CREDENTIALS_URL_ROOT: 'http://credentials:18150'
 CREDENTIALS_OAUTH_URL_ROOT: 'http://127.0.0.1:8000'

@@ -120,6 +121,9 @@ CREDENTIALS_FILE_STORAGE_BACKEND:
  STATICFILES_STORAGE: 'django.contrib.staticfiles.storage.StaticFilesStorage'
  DEFAULT_FILE_STORAGE: 'django.core.files.storage.FileSystemStorage'

+CREDENTIALS_CORS_WHITELIST:
+  - "{{ CREDENTIALS_DOMAIN }}"
+
 CREDENTIALS_VERSION: "master"
 CREDENTIALS_REPOS:
  - PROTOCOL: "{{ COMMON_GIT_PROTOCOL }}"

--- a/playbooks/roles/credentials/templates/edx/app/nginx/sites-available/credentials.j2
+++ b/playbooks/roles/credentials/templates/edx/app/nginx/sites-available/credentials.j2
@@ -39,6 +39,11 @@ server {

  location ~ ^{{ CREDENTIALS_STATIC_URL }}(?P<file>.*) {
    root {{ CREDENTIALS_STATIC_ROOT }};
+
+    if ($http_origin ~* ({{ CREDENTIALS_CORS_WHITELIST|join('|')|replace('.', '\.') }})) {
+      add_header Access-Control-Allow-Origin "$http_origin";
+    }
+
    try_files /$file =404;
  }