Merge branch 'master' into jbarciauskas/fixes-to-vagrant-devstack-post-docker-merge

4b3c8d7a · Joel Barciauskas · GitHub · 9d9b2255 · e608ac21 · 4b3c8d7a
Commit 4b3c8d7a authored Apr 14, 2017 by Joel Barciauskas Committed by GitHub Apr 14, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 32 additions and 21 deletions

playbooks/roles/alton/tasks/deploy.yml
+0 -5

playbooks/roles/alton/tasks/tag_ec2.yml
+0 -16

playbooks/roles/credentials/templates/edx/app/nginx/sites-available/credentials.j2
+32 -0

No files found.
--- a/playbooks/roles/alton/tasks/deploy.yml
+++ b/playbooks/roles/alton/tasks/deploy.yml
@@ -71,8 +71,3 @@
    config: "{{ supervisor_cfg }}"
    state: started
  when: not disable_edx_services
-
- include: tag_ec2.yml
-  when: COMMON_TAG_EC2_INSTANCE
-  tags:
-    - deploy
--- a/playbooks/roles/alton/tasks/tag_ec2.yml
+++ b/playbooks/roles/alton/tasks/tag_ec2.yml
---
-
- name: get instance information
-  action: ec2_facts
-  tags:
-    - deploy
-
- name: tag instance
-  ec2_tag:
-    resource: "{{ ansible_ec2_instance_id }}"
-    region: "{{ ansible_ec2_placement_region }}"
-    tags:
-      "version:alton" : "{{ alton_source_repo }} {{ alton_checkout.after }}"
-  when: alton_checkout.after is defined
-  tags:
-  - deploy
--- a/playbooks/roles/credentials/templates/edx/app/nginx/sites-available/credentials.j2
+++ b/playbooks/roles/credentials/templates/edx/app/nginx/sites-available/credentials.j2
@@ -38,7 +38,39 @@ server {
  }

  location ~ ^{{ CREDENTIALS_STATIC_URL }}(?P<file>.*) {
+    # Determine if we want to send the CORS headers
+    if ($http_origin ~ '^https?://({{ CREDENTIALS_CORS_ORIGIN_WHITELIST|join('|')|replace('.', '\.') }})/') {
+      set $cors 'true';
+    }
+
+    # All headers need to be set in one block. We cannot, for example, set default headers here and add more
+    # in an if statement. Thus, we have duplicate add_header directives in multiple if blocks.
+    # Adapted from http://stackoverflow.com/questions/27955233/nginx-config-for-cors-add-header-directive-is-not-allowed.
+    if ($request_method = 'OPTIONS') {
+      set $cors "${cors}options";
+    }
+
+    if ($request_method = 'GET') {
+      set $cors "${cors}get";
+    }
+
+    if ($cors = "trueget") {
+      add_header 'Access-Control-Allow-Origin' "$http_origin";
+      add_header 'Access-Control-Allow-Credentials' 'true';
+    }
+
+    if ($cors = "trueoptions") {
+      add_header 'Access-Control-Allow-Origin' "$http_origin";
+      add_header 'Access-Control-Allow-Credentials' 'true';
+      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+      add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
+      add_header 'Content-Length' 0;
+      add_header 'Content-Type' 'text/plain charset=UTF-8';
+      return 204;
+    }
+
    root {{ CREDENTIALS_STATIC_ROOT }};
+    add_header Cache-Control "max-age=31536000";
    try_files /$file =404;
  }