Commit 3fefd84e by e0d Committed by Edward Zarecor

Adding config to enable secure CSRF

parent 53dbc8f8
...@@ -491,6 +491,7 @@ EDXAPP_CORS_ORIGIN_WHITELIST: [] ...@@ -491,6 +491,7 @@ EDXAPP_CORS_ORIGIN_WHITELIST: []
EDXAPP_CORS_ORIGIN_ALLOW_ALL: false EDXAPP_CORS_ORIGIN_ALLOW_ALL: false
EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_DOMAIN: "" EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_DOMAIN: ""
EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_NAME: "" EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_NAME: ""
EDXAPP_CSRF_COOKIE_SECURE: false
# Video Beacon Settings # Video Beacon Settings
CDN_VIDEO_URLS: {} CDN_VIDEO_URLS: {}
...@@ -755,6 +756,7 @@ generic_env_config: &edxapp_generic_env ...@@ -755,6 +756,7 @@ generic_env_config: &edxapp_generic_env
CORS_ORIGIN_ALLOW_ALL: "{{ EDXAPP_CORS_ORIGIN_ALLOW_ALL }}" CORS_ORIGIN_ALLOW_ALL: "{{ EDXAPP_CORS_ORIGIN_ALLOW_ALL }}"
CROSS_DOMAIN_CSRF_COOKIE_DOMAIN: "{{ EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_DOMAIN }}" CROSS_DOMAIN_CSRF_COOKIE_DOMAIN: "{{ EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_DOMAIN }}"
CROSS_DOMAIN_CSRF_COOKIE_NAME: "{{ EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_NAME }}" CROSS_DOMAIN_CSRF_COOKIE_NAME: "{{ EDXAPP_CROSS_DOMAIN_CSRF_COOKIE_NAME }}"
CSRF_COOKIE_SECURE: "{{ EDXAPP_CSRF_COOKIE_SECURE }}"
VIDEO_UPLOAD_PIPELINE: "{{ EDXAPP_VIDEO_UPLOAD_PIPELINE }}" VIDEO_UPLOAD_PIPELINE: "{{ EDXAPP_VIDEO_UPLOAD_PIPELINE }}"
DEPRECATED_ADVANCED_COMPONENT_TYPES: "{{ EDXAPP_DEPRECATED_ADVANCED_COMPONENT_TYPES }}" DEPRECATED_ADVANCED_COMPONENT_TYPES: "{{ EDXAPP_DEPRECATED_ADVANCED_COMPONENT_TYPES }}"
OAUTH_OIDC_ISSUER: "{{ EDXAPP_LMS_ISSUER }}" OAUTH_OIDC_ISSUER: "{{ EDXAPP_LMS_ISSUER }}"
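Review bot: The new `EDXAPP_CSRF_COOKIE_SECURE: false` default in the first hunk carries no comment, so a deployment served over HTTPS keeps issuing the CSRF cookie without the Secure attribute unless the operator knows to override it. I would add a line above it such as `# Set to true when the site is served only over HTTPS, so the CSRF cookie is never sent over plain HTTP`. In the second hunk the value passes through a quoted Jinja expression, so an override written as the string `"false"` may reach the application as a non-empty, truthy string and silently turn the flag on; `CSRF_COOKIE_SECURE: "{{ EDXAPP_CSRF_COOKIE_SECURE | bool }}"` would normalise it. The settings code that reads `CSRF_COOKIE_SECURE` is not on this page, so confirm that the application consumes the key. The `generic_env_config` mapping starts and ends outside the hunk.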