Setting CORS_ORIGIN_ALLOW_ALL

Ng_c_S_n_Tr_n · September 7, 2023, 1:19am

Hello everyone,

I have set CORS_ORIGIN_ALLOW_ALL=True in the common.py and production.py files in the edx-platform. When I run ‘tutor images build openedx’ and ‘tutor local launch’ to load the production.py file, it doesn’t seem to recognize the CORS_ORIGIN_ALLOW_ALL=true setting I just configured. Can someone please tell me how to make CORS_ORIGIN_ALLOW_ALL=true work?

I have created a plugin myself to be able to set it, but it still doesn’t work.

from tutor import hooks

hooks.Filters.ENV_PATCHES.add_item(
    (
        "openedx-lms-common-settings",
        "CORS_ORIGIN_ALLOW_ALL = True",

    )
)

Thank you!

chintansanganis · September 7, 2023, 6:19am

Hello,
Can you try adding these settings with lms-env instead of openedx-lms-common-settings ?

Ng_c_S_n_Tr_n · September 7, 2023, 7:24am

Hello @chintansanganis ,

I followed your instructions for setting up, but when I run ‘tutor local launch,’ it encounters an error

from tutor import hooks

hooks.Filters.ENV_PATCHES.add_item(
    (
        "lms-env",
        "CORS_ORIGIN_ALLOW_ALL = True",

    )
)

It may be due to incorrect syntax.

Loading settings lms.envs.tutor.production
Traceback (most recent call last):
  File "./manage.py", line 102, in <module>
    startup = importlib.import_module(edx_args.startup)
  File "/opt/pyenv/versions/3.8.12/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 843, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/openedx/edx-platform/lms/startup.py", line 10, in <module>
    settings.INSTALLED_APPS  # pylint: disable=pointless-statement
  File "/openedx/venv/lib/python3.8/site-packages/django/conf/__init__.py", line 82, in __getattr__
    self._setup(name)
  File "/openedx/venv/lib/python3.8/site-packages/django/conf/__init__.py", line 69, in _setup
    self._wrapped = Settings(settings_module)
  File "/openedx/venv/lib/python3.8/site-packages/django/conf/__init__.py", line 170, in __init__
    mod = importlib.import_module(self.SETTINGS_MODULE)
  File "/opt/pyenv/versions/3.8.12/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
  File "<frozen importlib._bootstrap>", line 991, in _find_and_load
  File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 843, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/openedx/edx-platform/lms/envs/tutor/production.py", line 3, in <module>
    from lms.envs.production import *
  File "/openedx/edx-platform/lms/envs/production.py", line 66, in <module>
    __config__ = yaml.safe_load(f)
  File "/openedx/venv/lib/python3.8/site-packages/yaml/__init__.py", line 125, in safe_load
    return load(stream, SafeLoader)
  File "/openedx/venv/lib/python3.8/site-packages/yaml/__init__.py", line 81, in load
    return loader.get_single_data()
  File "/openedx/venv/lib/python3.8/site-packages/yaml/constructor.py", line 49, in get_single_data
    node = self.get_single_node()
  File "/openedx/venv/lib/python3.8/site-packages/yaml/composer.py", line 36, in get_single_node
    document = self.compose_document()
  File "/openedx/venv/lib/python3.8/site-packages/yaml/composer.py", line 55, in compose_document
    node = self.compose_node(None, None)
  File "/openedx/venv/lib/python3.8/site-packages/yaml/composer.py", line 84, in compose_node
    node = self.compose_mapping_node(anchor)
  File "/openedx/venv/lib/python3.8/site-packages/yaml/composer.py", line 127, in compose_mapping_node
    while not self.check_event(MappingEndEvent):
  File "/openedx/venv/lib/python3.8/site-packages/yaml/parser.py", line 98, in check_event
    self.current_event = self.state()
  File "/openedx/venv/lib/python3.8/site-packages/yaml/parser.py", line 428, in parse_block_mapping_key
    if self.check_token(KeyToken):
  File "/openedx/venv/lib/python3.8/site-packages/yaml/scanner.py", line 115, in check_token
    while self.need_more_tokens():
  File "/openedx/venv/lib/python3.8/site-packages/yaml/scanner.py", line 152, in need_more_tokens
    self.stale_possible_simple_keys()
  File "/openedx/venv/lib/python3.8/site-packages/yaml/scanner.py", line 291, in stale_possible_simple_keys
    raise ScannerError("while scanning a simple key", key.mark,
yaml.scanner.ScannerError: while scanning a simple key
  in "/openedx/config/lms.env.yml", line 48, column 1
could not find expected ':'
  in "/openedx/config/lms.env.yml", line 50, column 1

chintansanganis · September 7, 2023, 7:43am

I think this seems like a syntax error. You should change to

Ng_c_S_n_Tr_n · September 7, 2023, 8:03am

It runs successfully, but why does the ‘production.py’ file in the LMS folder of Tutor still not recognize ‘CORS_ORIGIN_ALLOW_ALL’?

CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = False
CORS_ALLOW_INSECURE = False
CORS_ALLOW_HEADERS = corsheaders_default_headers + ('use-jwt-cookie',)

chintansanganis · September 7, 2023, 10:17am

Sorry for the confusion.
openedx-lms-production-settings instead of openedx-lms-common-settings should make production.py file changes

tutor config save

tutor local/dev stop

tutor local/dev start

tutor local/dev run lms bash

./manage.py lms shell

from django.conf import settings

settnigs.CORS_ORIGIN_ALLOW_ALL

Ng_c_S_n_Tr_n · September 8, 2023, 2:47am

Thank you for your help, I succeeded

Tim_McCormack · September 18, 2023, 7:31pm

Just please bear in mind that if you set CORS_ORIGIN_ALLOW_ALL to true in your production environment, your users will be vulnerable to attacks from other websites.

allen_luna · August 1, 2024, 11:09pm

hi @chintansanganis where to allow CORS_ORIGIN_ALLOW_ALL is it in the config.yaml? or lms.env.yaml? my tutor version is quince I am creating my custom login system that automatic to authenticate in the learner-dashboard, I encountered this kind of error

Access to XMLHttpRequest at ‘https://mydomaim.com/learner-dashboard’ (redirected from ‘https://localhost:44341/Main/Login’) from origin ‘https://localhost:44341’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Tim_McCormack · August 5, 2024, 2:54pm

You should be using CORS_ORIGIN_WHITELIST instead, unless you want severe security issues on your site.

Topic		Replies	Views
Enable CORS in tutor AWS AMI Site Operators api , how-to , tutor	4	347	November 8, 2023
Adding ALLOW_CORS_HEADER plugin in tutor Tutor Help tutor	1	525	March 7, 2024
Tutorial \| Open edX Nutmeg with Tutor 14 on Ubuntu 20 and disabling rate limiting step by step Site Operations Help api , how-to , tutor , nutmeg	1	611	October 2, 2022
No 'Access-Control-Allow-Origin' header is present on the requested resource in Open edX tutor Tutor Help tutor	4	713	June 15, 2023
Email won't send due to CORS policy, and cannot set whitelist Tutor Help	9	1556	September 25, 2022

Setting CORS_ORIGIN_ALLOW_ALL

Related topics