Added the ability to specify additional whitelisted domains for CORS for

the credentials service. LEARNER-516

Added the ability to specify additional whitelisted domains for CORS for
the credentials service. LEARNER-516
dc023faf · Clinton Blackburn · 59e98eeb · dc023faf · dc023faf
Commit dc023faf authored Apr 13, 2017 by Clinton Blackburn
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

playbooks/roles/credentials/defaults/main.yml
+5 -3

playbooks/roles/credentials/templates/edx/app/nginx/sites-available/credentials.j2
+1 -1

No files found.
--- a/playbooks/roles/credentials/defaults/main.yml
+++ b/playbooks/roles/credentials/defaults/main.yml
@@ -109,9 +109,11 @@ CREDENTIALS_FILE_STORAGE_BACKEND:
  DEFAULT_FILE_STORAGE: 'django.core.files.storage.FileSystemStorage'
 # Note: the protocol for CORS whitelist values is necessary for matching the correct origin by nginx
-CREDENTIALS_CORS_WHITELIST:
+CREDENTIALS_CORS_WHITELIST_DEFAULT:
-  - "http://{{ CREDENTIALS_DOMAIN }}"
+  - "{{ CREDENTIALS_DOMAIN }}"
-  - "https://{{ CREDENTIALS_DOMAIN }}"
+CREDENTIALS_CORS_WHITELIST_EXTRA: []
+CREDENTIALS_CORS_WHITELIST: "{{ CREDENTIALS_CORS_WHITELIST_DEFAULT + CREDENTIALS_CORS_WHITELIST_EXTRA }}"
 CREDENTIALS_VERSION: "master"
 CREDENTIALS_REPOS:

--- a/playbooks/roles/credentials/templates/edx/app/nginx/sites-available/credentials.j2
+++ b/playbooks/roles/credentials/templates/edx/app/nginx/sites-available/credentials.j2
@@ -17,7 +17,7 @@ upstream credentials_app_server {
 map $http_origin $cors_header {
  default "";
-  '~*^({{ CREDENTIALS_CORS_WHITELIST|join('|')|replace('.', '\.') }})$' "$http_origin";
+  '~*^https?://({{ CREDENTIALS_CORS_WHITELIST|join('|')|replace('.', '\.') }})$' "$http_origin";
 }
 server {