Merge pull request #2853 from edx/jsa/credentials-nginx-cors-2

credentials: really fix CORS headers for /static

Merge pull request #2853 from edx/jsa/credentials-nginx-cors-2
credentials: really fix CORS headers for /static
b8823e22 · Jim Abramson · 6c22a67e · 9647d696 · b8823e22
Commit b8823e22 authored Mar 11, 2016 by Jim Abramson
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 5 deletions

playbooks/roles/credentials/templates/edx/app/nginx/sites-available/credentials.j2
+6 -5

No files found.
--- a/playbooks/roles/credentials/templates/edx/app/nginx/sites-available/credentials.j2
+++ b/playbooks/roles/credentials/templates/edx/app/nginx/sites-available/credentials.j2
@@ -15,6 +15,11 @@ upstream credentials_app_server {
 {% endfor %}
 }

+map $http_origin $cors_header {
+  default "";
+  '~*^({{ CREDENTIALS_CORS_WHITELIST|join('|')|replace('.', '\.') }})$' "$http_origin";
+}
+
 server {
  server_name {{ CREDENTIALS_HOSTNAME }};

@@ -39,11 +44,7 @@ server {

  location ~ ^{{ CREDENTIALS_STATIC_URL }}(?P<file>.*) {
    root {{ CREDENTIALS_STATIC_ROOT }};
-
-    if ($http_origin ~* ({{ CREDENTIALS_CORS_WHITELIST|join('|')|replace('.', '\.') }})) {
-      add_header Access-Control-Allow-Origin "$http_origin";
-    }
-
+    add_header Access-Control-Allow-Origin $cors_header always;
    try_files /$file =404;
  }