Files · 67846232078c5bb12eede35b0bc67e28cb4783a4 · edx / configuration

Restricting Credentials CORS access · 67846232

After reading more on CORS (and sleeping!) I have finally corrected CORS
for static files, restricting access to our knwon hosts. Our initial
implementation was almost correct. It simply lacked the protocol—HTTP,
HTTPS—on the regex.

In my late-night push to just be done with this, I failed to go back to
"first principles" and actually understand CORS, choosing to rely on
various online "solutions". This lead to the unnecessary headers seen in
previous commits. Since we only care about GET requests for fonts, we
only need the single header. There is no need to handle preflight
OPTIONS requests because we aren't making such requests.

LEARNER-568

committed Apr 16, 2017

67846232

Name	Last commit	Last update
.github		Loading commit data...
docker		Loading commit data...
playbooks		Loading commit data...
terraform		Loading commit data...
tests		Loading commit data...
util		Loading commit data...
vagrant		Loading commit data...
.dockerignore		Loading commit data...
.editorconfig		Loading commit data...
.gitignore		Loading commit data...
.travis.yml		Loading commit data...
AUTHORS		Loading commit data...
CHANGELOG.md		Loading commit data...
LICENSE.TXT		Loading commit data...
Makefile		Loading commit data...
README.md		Loading commit data...
docker.mk		Loading commit data...
github.txt		Loading commit data...
openedx.yaml		Loading commit data...
pre-requirements.txt		Loading commit data...
requirements.txt		Loading commit data...
test.mk		Loading commit data...

README.md