Whitelist the lti_provider endpoint

This uses OAuth1 and configured tokens and shouldn't use basic auth.

Whitelist the lti_provider endpoint
This uses OAuth1 and configured tokens and shouldn't use basic auth.
ec12c57f · Kevin Falcone · 2a482e9e · ec12c57f
Commit ec12c57f authored Sep 01, 2015 by Kevin Falcone
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/lms.j2
+5 -0

No files found.
--- a/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/lms.j2
+++ b/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/lms.j2
@@ -149,6 +149,11 @@ error_page {{ k }} {{ v }};
    try_files $uri @proxy_to_lms_app;
  }

+  # No basic auth on the LTI provider endpoint, it does OAuth1
+  location /lti_provider {
+    try_files $uri @proxy_to_lms_app;
+  }
+
  location /courses {
    {%- if EDXAPP_ENABLE_RATE_LIMITING -%}
    # Set Limit