update credentials cors whitelist values

ECOM-3572

playbooks/roles/credentials/defaults/main.yml

@@ -124,8 +124,10 @@ CREDENTIALS_FILE_STORAGE_BACKEND:
   STATICFILES_STORAGE: 'django.contrib.staticfiles.storage.StaticFilesStorage'
   DEFAULT_FILE_STORAGE: 'django.core.files.storage.FileSystemStorage'
 
+# Note: the protocol for CORS whitelist values is necessary for matching the correct origin by nginx
 CREDENTIALS_CORS_WHITELIST:
-  - "{{ CREDENTIALS_DOMAIN }}"
+  - "http://{{ CREDENTIALS_DOMAIN }}"
+  - "https://{{ CREDENTIALS_DOMAIN }}"
 
 CREDENTIALS_VERSION: "master"
 CREDENTIALS_REPOS: