From dff0e2a56402ed12d9f4ab2a02ba263b1961b435 Mon Sep 17 00:00:00 2001
From: "Adolfo R. Brandes"
Date: Fri, 10 Jul 2020 19:59:32 -0300
Subject: [PATCH] Clean up CORS-related settings
---
 cms/envs/common.py | 7 +++----
 lms/envs/common.py | 3 +--
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/cms/envs/common.py b/cms/envs/common.py
index 258d72994c..9c6e083386 100644
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -2098,14 +2098,13 @@ FINANCIAL_REPORTS = {
 ############# CORS headers for cross-domain requests #################
 if FEATURES.get('ENABLE_CORS_HEADERS'):
 CORS_ALLOW_CREDENTIALS = True
+ CORS_ORIGIN_WHITELIST = ()
+ CORS_ORIGIN_ALLOW_ALL = False
+ CORS_ALLOW_INSECURE = False
 CORS_ALLOW_HEADERS = corsheaders_default_headers + (
 'use-jwt-cookie',
 )
-CORS_ORIGIN_WHITELIST = []
-CORS_ORIGIN_ALLOW_ALL = False
-
-
 LOGIN_REDIRECT_WHITELIST = []
 DEPRECATED_ADVANCED_COMPONENT_TYPES = []
diff --git a/lms/envs/common.py b/lms/envs/common.py
index d29e173f41..735d40fae4 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -2778,12 +2778,11 @@ if FEATURES.get('ENABLE_CORS_HEADERS'):
 CORS_ALLOW_CREDENTIALS = True
 CORS_ORIGIN_WHITELIST = ()
 CORS_ORIGIN_ALLOW_ALL = False
+ CORS_ALLOW_INSECURE = False
 CORS_ALLOW_HEADERS = corsheaders_default_headers + (
 'use-jwt-cookie',
 )
-CORS_ORIGIN_WHITELIST = []
-CORS_ORIGIN_ALLOW_ALL = False
 # Default cache expiration for the cross-domain proxy HTML page.
 # This is a static page that can be iframed into an external page
 # to simulate cross-domain requests.
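Review bot: In cms/envs/common.py the deny-by-default values are now defined only when `FEATURES.get('ENABLE_CORS_HEADERS')` is already truthy while this module is evaluated, whereas the removed module-level `CORS_ORIGIN_WHITELIST = []` and `CORS_ORIGIN_ALLOW_ALL = False` were unconditional. If an environment-specific settings module turns the flag on later, or any code reads these names without a `getattr` fallback (neither is visible in this patch), the explicit pins are gone and behaviour falls back to whatever the CORS middleware defaults to. I would keep `CORS_ORIGIN_WHITELIST = ()`, `CORS_ORIGIN_ALLOW_ALL = False` and `CORS_ALLOW_INSECURE = False` at module level above the `if` and leave only `CORS_ALLOW_CREDENTIALS` and `CORS_ALLOW_HEADERS` inside it; the same applies to the lms/envs/common.py hunk. Because `CORS_ALLOW_CREDENTIALS = True` sits next to it, `CORS_ORIGIN_ALLOW_ALL` also deserves a comment such as `# Must stay False while CORS_ALLOW_CREDENTIALS is True.`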
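Review bot: The new `CORS_ALLOW_INSECURE = False` in lms/envs/common.py (and in the cms hunk) has no comment saying what reads it or what `True` would permit; from the name it appears to relax an HTTPS requirement on cross-domain requests, which is exactly the kind of switch an operator should not flip without knowing the consequence. I would add above it `# Development/testing only: leave False in production so cross-domain requests are accepted only over HTTPS.`, adjusted to whatever the consuming code actually enforces. Separately, before this change the trailing module-level `CORS_ORIGIN_WHITELIST = []` overrode the in-block `()`, so the effective default changes from a list to a tuple here; any downstream settings file that extends it with `.append()` or `+= [...]` would now raise, which is worth checking before merge.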