Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow custom USE-JWT-COOKIE header on cross origin requests.

Browse Source
This commit is contained in:
Douglas Hall
2018-11-02 14:13:23 -04:00
parent 6aed72823f
commit 0f125c7a62
3 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lms/envs/aws.py
View File

@@ -23,6 +23,7 @@ import os
import logging
import dateutil
from corsheaders.defaults import default_headers as corsheaders_default_headers
from path import Path as path
from xmodule.modulestore.modulestore_settings import convert_module_store_setting_if_needed
@@ -428,6 +429,9 @@ if FEATURES.get('ENABLE_CORS_HEADERS') or FEATURES.get('ENABLE_CROSS_DOMAIN_CSRF
CORS_ORIGIN_WHITELIST = ENV_TOKENS.get('CORS_ORIGIN_WHITELIST', ())
CORS_ORIGIN_ALLOW_ALL = ENV_TOKENS.get('CORS_ORIGIN_ALLOW_ALL', False)
CORS_ALLOW_INSECURE = ENV_TOKENS.get('CORS_ALLOW_INSECURE', False)
CORS_ALLOW_HEADERS = corsheaders_default_headers + (
'use-jwt-cookie',
)
# If setting a cross-domain cookie, it's really important to choose
# a name for the cookie that is DIFFERENT than the cookies used

4
lms/envs/common.py
View File

@@ -32,6 +32,7 @@ import imp
import sys
import os
from corsheaders.defaults import default_headers as corsheaders_default_headers
from path import Path as path
from django.utils.translation import ugettext_lazy as _
@@ -2509,6 +2510,9 @@ if FEATURES.get('ENABLE_CORS_HEADERS'):
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_WHITELIST = ()
CORS_ORIGIN_ALLOW_ALL = False
CORS_ALLOW_HEADERS = corsheaders_default_headers + (
'use-jwt-cookie',
)
# Default cache expiration for the cross-domain proxy HTML page.
# This is a static page that can be iframed into an external page

4
lms/envs/production.py
View File

@@ -23,6 +23,7 @@ import json
import os
import dateutil
from corsheaders.defaults import default_headers as corsheaders_default_headers
from path import Path as path
from xmodule.modulestore.modulestore_settings import convert_module_store_setting_if_needed
@@ -424,6 +425,9 @@ if FEATURES.get('ENABLE_CORS_HEADERS') or FEATURES.get('ENABLE_CROSS_DOMAIN_CSRF
CORS_ORIGIN_WHITELIST = ENV_TOKENS.get('CORS_ORIGIN_WHITELIST', ())
CORS_ORIGIN_ALLOW_ALL = ENV_TOKENS.get('CORS_ORIGIN_ALLOW_ALL', False)
CORS_ALLOW_INSECURE = ENV_TOKENS.get('CORS_ALLOW_INSECURE', False)
CORS_ALLOW_HEADERS = corsheaders_default_headers + (
'use-jwt-cookie',
)
# If setting a cross-domain cookie, it's really important to choose
# a name for the cookie that is DIFFERENT than the cookies used