Merge pull request #2849 from edx/jsa/credentials-nginx-cors

credentials: add CORS header for static in nginx

playbooks/roles/credentials/defaults/main.yml

@@ -46,7 +46,8 @@ CREDENTIALS_CACHES:
     LOCATION: '{{ CREDENTIALS_MEMCACHE }}'
 
 CREDENTIALS_DJANGO_SETTINGS_MODULE: "credentials.settings.production"
-CREDENTIALS_URL_ROOT: 'http://credentials:18150'
+CREDENTIALS_DOMAIN: 'credentials'
+CREDENTIALS_URL_ROOT: 'http://{{ CREDENTIALS_DOMAIN }}:18150'
 CREDENTIALS_OAUTH_URL_ROOT: 'http://127.0.0.1:8000'
 
 CREDENTIALS_SECRET_KEY: 'SET-ME-TO-A-UNIQUE-LONG-RANDOM-STRING'
@@ -123,6 +124,9 @@ CREDENTIALS_FILE_STORAGE_BACKEND:
   STATICFILES_STORAGE: 'django.contrib.staticfiles.storage.StaticFilesStorage'
   DEFAULT_FILE_STORAGE: 'django.core.files.storage.FileSystemStorage'
 
+CREDENTIALS_CORS_WHITELIST:
+  - "{{ CREDENTIALS_DOMAIN }}"
+
 CREDENTIALS_VERSION: "master"
 CREDENTIALS_REPOS:
   - PROTOCOL: "{{ COMMON_GIT_PROTOCOL }}"

playbooks/roles/credentials/templates/edx/app/nginx/sites-available/credentials.j2

@@ -39,6 +39,11 @@ server {
 
   location ~ ^{{ CREDENTIALS_STATIC_URL }}(?P<file>.*) {
     root {{ CREDENTIALS_STATIC_ROOT }};
+
+    if ($http_origin ~* ({{ CREDENTIALS_CORS_WHITELIST|join('|')|replace('.', '\.') }})) {
+      add_header Access-Control-Allow-Origin "$http_origin";
+    }
+
     try_files /$file =404;
   }
 

util/jenkins/ansible-provision.sh

@@ -277,7 +277,8 @@ PROGRAMS_URL_ROOT: "https://programs-${deploy_host}"
 PROGRAMS_SOCIAL_AUTH_REDIRECT_IS_HTTPS: true
 
 CREDENTIALS_LMS_URL_ROOT: "https://${deploy_host}"
-CREDENTIALS_URL_ROOT: "https://credentials-${deploy_host}"
+CREDENTIALS_DOMAIN: "credentials-${deploy_host}"
+CREDENTIALS_URL_ROOT: "http://{{ CREDENTIALS_DOMAIN }}"
 CREDENTIALS_SOCIAL_AUTH_REDIRECT_IS_HTTPS: true
 COURSE_DISCOVERY_ECOMMERCE_API_URL: "https://ecommerce-${deploy_host}/api/v2"