Setting CORS_ORIGIN_ALLOW_ALL

Hello everyone,

I have set CORS_ORIGIN_ALLOW_ALL=True in the common.py and production.py files in the edx-platform. When I run ‘tutor images build openedx’ and ‘tutor local launch’ to load the production.py file, it doesn’t seem to recognize the CORS_ORIGIN_ALLOW_ALL=true setting I just configured. Can someone please tell me how to make CORS_ORIGIN_ALLOW_ALL=true work?

I have created a plugin myself to be able to set it, but it still doesn’t work.

from tutor import hooks

hooks.Filters.ENV_PATCHES.add_item(
    (
        "openedx-lms-common-settings",
        "CORS_ORIGIN_ALLOW_ALL = True",

    )
)

Thank you!

Hello,
Can you try adding these settings with lms-env instead of openedx-lms-common-settings ?

Hello @chintansanganis ,

I followed your instructions for setting up, but when I run ‘tutor local launch,’ it encounters an error

from tutor import hooks

hooks.Filters.ENV_PATCHES.add_item(
    (
        "lms-env",
        "CORS_ORIGIN_ALLOW_ALL = True",

    )
)

It may be due to incorrect syntax.

Loading settings lms.envs.tutor.production
Traceback (most recent call last):
  File "./manage.py", line 102, in <module>
    startup = importlib.import_module(edx_args.startup)
  File "/opt/pyenv/versions/3.8.12/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 843, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/openedx/edx-platform/lms/startup.py", line 10, in <module>
    settings.INSTALLED_APPS  # pylint: disable=pointless-statement
  File "/openedx/venv/lib/python3.8/site-packages/django/conf/__init__.py", line 82, in __getattr__
    self._setup(name)
  File "/openedx/venv/lib/python3.8/site-packages/django/conf/__init__.py", line 69, in _setup
    self._wrapped = Settings(settings_module)
  File "/openedx/venv/lib/python3.8/site-packages/django/conf/__init__.py", line 170, in __init__
    mod = importlib.import_module(self.SETTINGS_MODULE)
  File "/opt/pyenv/versions/3.8.12/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 843, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/openedx/edx-platform/lms/envs/tutor/production.py", line 3, in <module>
    from lms.envs.production import *
  File "/openedx/edx-platform/lms/envs/production.py", line 66, in <module>
    __config__ = yaml.safe_load(f)
  File "/openedx/venv/lib/python3.8/site-packages/yaml/__init__.py", line 125, in safe_load
    return load(stream, SafeLoader)
  File "/openedx/venv/lib/python3.8/site-packages/yaml/__init__.py", line 81, in load
    return loader.get_single_data()
  File "/openedx/venv/lib/python3.8/site-packages/yaml/constructor.py", line 49, in get_single_data
    node = self.get_single_node()
  File "/openedx/venv/lib/python3.8/site-packages/yaml/composer.py", line 36, in get_single_node
    document = self.compose_document()
  File "/openedx/venv/lib/python3.8/site-packages/yaml/composer.py", line 55, in compose_document
    node = self.compose_node(None, None)
  File "/openedx/venv/lib/python3.8/site-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/openedx/venv/lib/python3.8/site-packages/yaml/composer.py", line 127, in compose_mapping_node
    while not self.check_event(MappingEndEvent):
  File "/openedx/venv/lib/python3.8/site-packages/yaml/parser.py", line 98, in check_event
    self.current_event = self.state()
  File "/openedx/venv/lib/python3.8/site-packages/yaml/parser.py", line 428, in parse_block_mapping_key
    if self.check_token(KeyToken):
  File "/openedx/venv/lib/python3.8/site-packages/yaml/scanner.py", line 115, in check_token
    while self.need_more_tokens():
  File "/openedx/venv/lib/python3.8/site-packages/yaml/scanner.py", line 152, in need_more_tokens
    self.stale_possible_simple_keys()
  File "/openedx/venv/lib/python3.8/site-packages/yaml/scanner.py", line 291, in stale_possible_simple_keys
    raise ScannerError("while scanning a simple key", key.mark,
yaml.scanner.ScannerError: while scanning a simple key
  in "/openedx/config/lms.env.yml", line 48, column 1
could not find expected ':'
  in "/openedx/config/lms.env.yml", line 50, column 1

I think this seems like a syntax error. You should change to

It runs successfully, but why does the ‘production.py’ file in the LMS folder of Tutor still not recognize ‘CORS_ORIGIN_ALLOW_ALL’?

CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = False
CORS_ALLOW_INSECURE = False
CORS_ALLOW_HEADERS = corsheaders_default_headers + ('use-jwt-cookie',)

Sorry for the confusion.
openedx-lms-production-settings instead of openedx-lms-common-settings should make production.py file changes

tutor config save

tutor local/dev stop

tutor local/dev start

tutor local/dev run lms bash

./manage.py lms shell

from django.conf import settings

settnigs.CORS_ORIGIN_ALLOW_ALL

Thank you for your help, I succeeded

Just please bear in mind that if you set CORS_ORIGIN_ALLOW_ALL to true in your production environment, your users will be vulnerable to attacks from other websites.