Fixed CORS for credentials

LEARNER-568

playbooks/roles/credentials/defaults/main.yml

@@ -108,12 +108,13 @@ CREDENTIALS_FILE_STORAGE_BACKEND:
   STATICFILES_STORAGE: 'django.contrib.staticfiles.storage.ManifestStaticFilesStorage'
   DEFAULT_FILE_STORAGE: 'django.core.files.storage.FileSystemStorage'
 
-# Note: the protocol for CORS whitelist values is necessary for matching the correct origin by nginx
-CREDENTIALS_CORS_WHITELIST_DEFAULT:
-  - "{{ CREDENTIALS_DOMAIN }}"
 
-CREDENTIALS_CORS_WHITELIST_EXTRA: []
-CREDENTIALS_CORS_WHITELIST: "{{ CREDENTIALS_CORS_WHITELIST_DEFAULT + CREDENTIALS_CORS_WHITELIST_EXTRA }}"
+CREDENTIALS_CORS_ORIGIN_ALLOW_ALL: false
+CREDENTIALS_CORS_ORIGIN_WHITELIST_DEFAULT:
+ - "{{ CREDENTIALS_DOMAIN }}"
+
+CREDENTIALS_CORS_ORIGIN_WHITELIST_EXTRA: []
+CREDENTIALS_CORS_ORIGIN_WHITELIST: "{{ CREDENTIALS_CORS_ORIGIN_WHITELIST_DEFAULT + CREDENTIALS_CORS_ORIGIN_WHITELIST_EXTRA }}"
 
 CREDENTIALS_VERSION: "master"
 CREDENTIALS_REPOS:
@@ -179,6 +180,9 @@ CREDENTIALS_SERVICE_CONFIG:
 
   JWT_AUTH: '{{ CREDENTIALS_JWT_AUTH }}'
 
+  CORS_ORIGIN_WHITELIST: '{{ CREDENTIALS_CORS_ORIGIN_WHITELIST }}'
+  CORS_ORIGIN_ALLOW_ALL: '{{ CREDENTIALS_CORS_ORIGIN_ALLOW_ALL }}'
+
 #
 # vars are namespace with the module name.
 #

playbooks/roles/credentials/templates/edx/app/nginx/sites-available/credentials.j2

@@ -15,11 +15,6 @@ upstream credentials_app_server {
 {% endfor %}
 }
 
-map $http_origin $cors_header {
-  default "";
-  '~*^https?://({{ CREDENTIALS_CORS_WHITELIST|join('|')|replace('.', '\.') }})$' "$http_origin";
-}
-
 server {
   server_name {{ CREDENTIALS_HOSTNAME }};
 
@@ -44,8 +39,6 @@ server {
 
   location ~ ^{{ CREDENTIALS_STATIC_URL }}(?P<file>.*) {
     root {{ CREDENTIALS_STATIC_ROOT }};
-    add_header Access-Control-Allow-Origin $cors_header always;
-    add_header Cache-Control "max-age=31536000";
     try_files /$file =404;
   }