Correct config for cross-domain access to Open edX API

andreask · June 29, 2020, 8:36am

I want to give a React-based frontend application access to the Open edX API in Juniper. This works well with both being based on localhost, or the same domain, but I want to explore other use scenarios.

What I want is for the frontend application to communicate with the API, even if hosted on a different domain. E.g. frontend makes an API call from example2.com to the Open edX deployment on example.com.

I’ve found some pointers in the direction of configuring CORS and CSRF, but I assume I’d also need to configure some way of issuing JWT to the application? So, specifically, which configurations should be made in the lms/cms.evn.json files and which need be done on the Django Admin side?

andreask · July 1, 2020, 8:13am

Bump! Anyone? Seems odd that no-one has made this config?

Joan_Rodriguez · December 29, 2021, 12:35am

Hello Andreas,

Today I encountered a similar problem, and I struggled to find a solution on the documentation and forums.

I finally managed to fix it by enabling CORS in the /edx/etc/lms.yml config file. Specifically, I changed
CORS_ORIGIN_ALLOW_ALL: true
FEATURES:
…
ENABLE_CORS_HEADERS: true

I assume you can also whitelist your domain by modifying:
CORS_ORIGIN_WHITELIST:

Best
Joan

Topic		Replies	Views
Access Open edX api's from frontend/postman using tutor Development tutor	3	547	August 19, 2022
Tutorial \| Open edX Nutmeg with Tutor 14 on Ubuntu 20 and disabling rate limiting step by step Site Operations Help api , how-to , tutor , nutmeg	1	571	October 2, 2022
Enable CORS in tutor AWS AMI Site Operators api , how-to , tutor	4	189	November 8, 2023
Adding ALLOW_CORS_HEADER plugin in tutor Tutor Help tutor	1	301	March 7, 2024
Question about User Management / Access Restriction Site Operators how-to , juniper	0	626	December 4, 2020

Correct config for cross-domain access to Open edX API

Related Topics