Adding ALLOW_CORS_HEADER plugin in tutor

Xiao_Long · July 2, 2023, 5:08pm

Hello! I am new to Open Edx and I am trying to set up openedx with a custom website I made. and I would like to call openedx api (http://local.overhang.io/api/courses/v1/) from my custom website. I can successfully setup openedx but when I try to call openedx api from my website, I got the error as below on my website.

http://localhost:3000’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

So I try to add cors header in the lms using tutor plugins according to this documentation but I dont see ALLOW_CORS_HEADER in the cms.env.yml.

https://docs.tutor.overhang.io/tutorials/plugin.html#plugin-development-tutorial

In the configuration variables, I cannot find the ALLOW_CORS_HEADERS variable in this docs.
https://docs.tutor.overhang.io/configuration.html#configuration

I would like to know how could I allow a custom website (IP ADDRESS) to call openedx api.

Thank you very much.

rediris · March 7, 2024, 4:57pm

@Xiao_Long I’ve had success with this by adding a tutor plugin. The only way I was able to get this to work is to have the custom site be the top level domain, and the LMS/CMS exist at a subdomain. The reason for this is the fact that a top level domain can access a subdomain’s cookies, but not the other way around. In my case, I have enabled the marketing site flag.

I’ve set the following in my config.yml:

FEATURES:
- ENABLE_MKTG_SITE: true
MARKETING_SITE_BASE_URL: your.domain
MARKETING_SITE_ROOT: https://your.domain
CMS_HOST: studio.lms.your.domain
LMS_HOST: lms.your.domain
PREVIEW_LMS_HOST: preview.lms.your.domain

An example of my-plugin.py:

from tutor import hooks

hooks.Filters.ENV_PATCHES.add_items([
(
"openedx-lms-common-settings",
f"""

CORS_ORIGIN_WHITELIST.append("https://your.domain")
CSRF_TRUSTED_ORIGINS.append("https://your.domain")
LOGIN_REDIRECT_WHITELIST.append("https://your.domain")

SESSION_COOKIE_DOMAIN="your.domain"
SHARED_COOKIE_DOMAIN = "your.domain"

""",
),
],
priority=hooks.priorities.LOW
)

I’ll add links below to other threads that go over similar requests:

Topic		Replies	Views
Enable CORS in tutor AWS AMI Site Operators api , how-to , tutor	4	355	November 8, 2023
No 'Access-Control-Allow-Origin' header is present on the requested resource in Open edX tutor Tutor Help tutor	4	726	June 15, 2023
Access Open edX api's from frontend/postman using tutor Development tutor	4	709	July 30, 2024
Setting CORS_ORIGIN_ALLOW_ALL Development tutor	9	668	August 5, 2024
Tutorial \| Open edX Nutmeg with Tutor 14 on Ubuntu 20 and disabling rate limiting step by step Site Operations Help api , how-to , tutor , nutmeg	1	612	October 2, 2022

Adding ALLOW_CORS_HEADER plugin in tutor

Related topics