Add config value for CDN origin.

This value is set as the Access-Control-Allow-Origin header value for
the application. When using Azure CDN, the CDN will consume this header
when it populates its cache and use it on subsequent requests.

It would be possible to make this the same as the Flask SERVER_NAME
value. We explicitly set SERVER_NAME for Celery worker processes because
they need that information to construct URLs outside of the request cycle
(Flask can infer the server name within a request cycle). I decided not
to rely on SERVER_NAME though because it has side effects:

- It determines what `url_for` uses as the host domain (which would be
  fine).
- It makes it so that the Flask app can only serve requests to that
  domain (probably fine, but it felt like too big a side effect).

Additionally, SERVER_NAME does not include the scheme. For all of these
reasons I opted to make CDN_ORIGIN a separate config value.
dandds 2019-11-19 13:20:20 -05:00
parent c6187466a3
commit 08fc530223
4 changed files with 4 additions and 0 deletions

@ -137,6 +137,7 @@ def set_default_headers(app): # pragma: no cover
response.headers["X-Content-Type-Options"] = "nosniff"
response.headers["X-Frame-Options"] = "SAMEORIGIN"
response.headers["X-XSS-Protection"] = "1; mode=block"
response.headers["Access-Control-Allow-Origin"] = app.config.get("CDN_ORIGIN")
if ENV == "dev":
response.headers[
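Review bot: On the added `Access-Control-Allow-Origin` line, `app.config.get("CDN_ORIGIN")` returns `None` when the key is not configured, so an environment that misses the new setting assigns `None` to the header without any error at configuration time. Read it with `app.config["CDN_ORIGIN"]` so a missing value fails loudly, or set the header only when the value is present. `set_default_headers` is marked `# pragma: no cover`, so the unset case is worth an explicit test.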

@ -2,6 +2,7 @@
ASSETS_URL
CAC_URL = http://localhost:8000/login-redirect
CA_CHAIN = ssl/server-certs/ca-chain.pem
CDN_ORIGIN=http://localhost:8000
CELERY_DEFAULT_QUEUE=celery
CLASSIFIED = false
CONTRACT_END_DATE = 2022-09-14
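Review bot: The new `CDN_ORIGIN=http://localhost:8000` entry carries no note on the expected format, and the commit adds no documentation for it (4 files, 4 added lines). The value is emitted verbatim as `Access-Control-Allow-Origin`, which browsers compare exactly against the request's `Origin`, so it has to be scheme, host and optional port with no trailing slash or path. A short note next to the entry or in the config docs saying so would prevent misconfiguration in other environments.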

@ -7,6 +7,7 @@ metadata:
data:
ASSETS_URL: https://atat-cdn.azureedge.net/
CELERY_DEFAULT_QUEUE: celery-master
CDN_ORIGIN: https://azure.atat.code.mil
CSP: azure
FLASK_ENV: dev
LOG_JSON: "true"
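Review bot: `CDN_ORIGIN` is inserted after `CELERY_DEFAULT_QUEUE` in this hunk, while the other two config hunks in this commit place it before `CELERY_DEFAULT_QUEUE`, which keeps the keys alphabetical. Move it up one line so the environment files stay consistent and easy to compare against each other.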

@ -14,6 +14,7 @@ metadata:
name: atst-envvars
data:
ASSETS_URL: https://atat-cdn-staging.azureedge.net/
CDN_ORIGIN: https://staging.atat.code.mil
CELERY_DEFAULT_QUEUE: celery-staging
FLASK_ENV: staging
STATIC_URL: https://atat-cdn-staging.azureedge.net/static/