Merge pull request #4085 from mckinseyacademy/jia/scorm-setting

YONK-752: add j2 templates for scorm xblock static content access

CHANGELOG.md

 - Role: edxapp
+  - Added `EDXAPP_SCORM_PKG_STORAGE_DIR`, with default value as it was in the server template.
+  - Added `EDXAPP_SCORM_PLAYER_LOCAL_STORAGE_ROOT`, with default value as it was in the server template.
+
+- Role: edxapp
   - Added `ENTERPRISE_SUPPORT_URL` variable used by the LMS.
 
 - Role: edxapp

playbooks/roles/edxapp/defaults/main.yml

@@ -746,6 +746,10 @@ EDXAPP_PASSWORD_MAX_LENGTH: 75
 # The age at which a learner no longer requires parental consent, or None
 EDXAPP_PARENTAL_CONSENT_AGE_LIMIT: 13
 
+# Scorm Xblock configurations
+EDXAPP_SCORM_PKG_STORAGE_DIR: !!null
+EDXAPP_SCORM_PLAYER_LOCAL_STORAGE_ROOT: !!null
+
 #-------- Everything below this line is internal to the role ------------
 
 #Use YAML references (& and *) and hash merge <<: to factor out shared settings

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/extra_locations_lms.j2

+{% if EDXAPP_SCORM_PKG_STORAGE_DIR %}
+    location ~ ^/{{ EDXAPP_MEDIA_URL }}/{{ EDXAPP_SCORM_PKG_STORAGE_DIR }}/(?P<file>.*) {
+        add_header 'Access-Control-Allow-Origin' $cors_origin;
+        add_header 'Access-Control-Allow-Credentials' 'true';
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+
+        root {{ edxapp_media_dir }}/{{ EDXAPP_SCORM_PKG_STORAGE_DIR }};
+        try_files /$file =404;
+        expires 604800s;
+    }
+{% endif %}

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/lms.j2

@@ -43,6 +43,23 @@ geo $http_x_forwarded_for $embargo {
 }
 {%- endif %}
 
+
+{% if EDXAPP_CORS_ORIGIN_WHITELIST|length > 0 %}
+  # The Origin request header indicates where a fetch originates from. It doesn't include any path information,
+  # but only the server name (e.g. https://www.example.com).
+  # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin for details.
+  #
+  # Here we set the value that is included in the Access-Control-Allow-Origin response header. If the origin is one
+  # of our known hosts--served via HTTP or HTTPS--we allow for CORS. Otherwise, we set the "null" value, disallowing CORS.
+  map $http_origin $cors_origin {
+  default "null";
+  {% for host in EDXAPP_CORS_ORIGIN_WHITELIST %}
+    "~*^https?:\/\/{{ host|replace('.', '\.') }}$" $http_origin;
+  {% endfor %}
+  }
+{% endif %}
+
+
 server {
   # LMS configuration file for nginx, templated by ansible
 
@@ -282,5 +299,6 @@ location ~ ^{{ EDXAPP_MEDIA_URL }}/(?P<file>.*) {
 
   {% include "robots.j2" %}
   {% include "static-files.j2" %}
+  {% include "extra_locations_lms.j2" ignore missing %}
 
 }

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/static-files-extra.j2

+{% if EDXAPP_SCORM_PLAYER_LOCAL_STORAGE_ROOT %}
+  # w/in scorm/, override default return 403 for these file types
+  location ~ ^/static/scorm/(?:.*)(?:\.xml|\.json) {
+      try_files /{{ EDXAPP_SCORM_PLAYER_LOCAL_STORAGE_ROOT }}/$file =404;
+  }
+
+  location ~ "/scorm/(?P<file>.*)" {
+    add_header 'Access-Control-Allow-Origin' $cors_origin;
+    add_header 'Access-Control-Allow-Credentials' 'true';
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    try_files /{{ EDXAPP_SCORM_PLAYER_LOCAL_STORAGE_ROOT }}/$file =404;
+  }
+{% endif %}

playbooks/roles/nginx/templates/edx/app/nginx/sites-available/static-files.j2

@@ -38,6 +38,8 @@
         try_files /staticfiles/$collected /course_static/$collected =404;
     }
 
+    {% include "static-files-extra.j2" ignore missing %}
+
     # Expire other static files immediately (there should be very few / none of these)
     expires 300;
   }