Commit b8823e22 by Jim Abramson

Merge pull request #2853 from edx/jsa/credentials-nginx-cors-2

credentials: really fix CORS headers for /static
parents 6c22a67e 9647d696
...@@ -15,6 +15,11 @@ upstream credentials_app_server { ...@@ -15,6 +15,11 @@ upstream credentials_app_server {
{% endfor %} {% endfor %}
} }
map $http_origin $cors_header {
default "";
'~*^({{ CREDENTIALS_CORS_WHITELIST|join('|')|replace('.', '\.') }})$' "$http_origin";
}
server { server {
server_name {{ CREDENTIALS_HOSTNAME }}; server_name {{ CREDENTIALS_HOSTNAME }};
...@@ -39,11 +44,7 @@ server { ...@@ -39,11 +44,7 @@ server {
location ~ ^{{ CREDENTIALS_STATIC_URL }}(?P<file>.*) { location ~ ^{{ CREDENTIALS_STATIC_URL }}(?P<file>.*) {
root {{ CREDENTIALS_STATIC_ROOT }}; root {{ CREDENTIALS_STATIC_ROOT }};
add_header Access-Control-Allow-Origin $cors_header always;
if ($http_origin ~* ({{ CREDENTIALS_CORS_WHITELIST|join('|')|replace('.', '\.') }})) {
add_header Access-Control-Allow-Origin "$http_origin";
}
try_files /$file =404; try_files /$file =404;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment