From 08fc53022377430051c5e1d2a53a39d7a2e43496 Mon Sep 17 00:00:00 2001
From: dandds
Date: Tue, 19 Nov 2019 13:20:20 -0500
Subject: [PATCH] Add config value for CDN origin. This value is set as the Access-Control-Allow-Origin header value for the application. When using Azure CDN, the CDN will consume this header when it populates its cache and use it on subsequent requests. It would be possible to make this the same as the Flask SERVER_NAME value. We explicitly set SERVER_NAME for Celery worker processes because they need that information to contruct URLs outside of the request cycle (Flask can infer the server name within a request cycle). I decided not to rely on SERVER_NAME though because it has side effects: - It determines what `url_for` uses as the host domain (which would be fine). - It makes it so that the Flask app can only server requests to that domain (probably fine, but it felt like too big a side effect). Additionally, SERVER_NAME does not include the scheme. For all of these reasons I opted to make CDN_ORIGIN a separate config value.
---
 atst/app.py | 1 +
 config/base.ini | 1 +
 deploy/azure/atst-envvars-configmap.yml | 1 +
 deploy/overlays/staging/envvars.yml | 1 +
 4 files changed, 4 insertions(+)
diff --git a/atst/app.py b/atst/app.py
index 83163a88..346ffe8b 100644
--- a/atst/app.py
+++ b/atst/app.py
@@ -137,6 +137,7 @@ def set_default_headers(app): # pragma: no cover
 response.headers["X-Content-Type-Options"] = "nosniff"
 response.headers["X-Frame-Options"] = "SAMEORIGIN"
 response.headers["X-XSS-Protection"] = "1; mode=block"
+ response.headers["Access-Control-Allow-Origin"] = app.config.get("CDN_ORIGIN")
 if ENV == "dev":
 response.headers[
diff --git a/config/base.ini b/config/base.ini
index 105aeb4c..76e0f03e 100644
--- a/config/base.ini
+++ b/config/base.ini
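Review bot: In atst/app.py, `app.config.get("CDN_ORIGIN")` returns None when the key is absent, and the added line in set_default_headers assigns that straight to Access-Control-Allow-Origin. Depending on the Werkzeug version this likely ends up as the literal string "None" or an error rather than simply omitting the header, and the CDN would then cache whatever was sent. Guarding the assignment keeps the unset case closed: `cdn_origin = app.config.get("CDN_ORIGIN")` followed by `if cdn_origin: response.headers["Access-Control-Allow-Origin"] = cdn_origin`. Because this hook appears to run for every response and not only the assets the CDN fetches, a comment stating that the value must be one exact trusted origin including scheme, never `*`, would also help whoever configures the next environment. The enclosing function starts and ends outside the hunk.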
@@ -2,6 +2,7 @@ ASSETS_URL
 CAC_URL = http://localhost:8000/login-redirect
 CA_CHAIN = ssl/server-certs/ca-chain.pem
+CDN_ORIGIN=http://localhost:8000
 CELERY_DEFAULT_QUEUE=celery
 CLASSIFIED = false
 CONTRACT_END_DATE = 2022-09-14
diff --git a/deploy/azure/atst-envvars-configmap.yml b/deploy/azure/atst-envvars-configmap.yml
index 61f81fa8..4870e6a6 100644
--- a/deploy/azure/atst-envvars-configmap.yml
+++ b/deploy/azure/atst-envvars-configmap.yml
@@ -7,6 +7,7 @@ metadata:
 data:
 ASSETS_URL: https://atat-cdn.azureedge.net/
 CELERY_DEFAULT_QUEUE: celery-master
+ CDN_ORIGIN: https://azure.atat.code.mil
 CSP: azure
 FLASK_ENV: dev
 LOG_JSON: "true"
diff --git a/deploy/overlays/staging/envvars.yml b/deploy/overlays/staging/envvars.yml
index 86ea42b7..99721ec9 100644
--- a/deploy/overlays/staging/envvars.yml
+++ b/deploy/overlays/staging/envvars.yml
@@ -14,6 +14,7 @@ metadata:
 name: atst-envvars
 data:
 ASSETS_URL: https://atat-cdn-staging.azureedge.net/
+ CDN_ORIGIN: https://staging.atat.code.mil
 CELERY_DEFAULT_QUEUE: celery-staging
 FLASK_ENV: staging
 STATIC_URL: https://atat-cdn-staging.azureedge.net/static/
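Review bot: In config/base.ini, the `CDN_ORIGIN=http://localhost:8000` default becomes the Access-Control-Allow-Origin value for any environment that does not override it, and this patch overrides it only in the azure configmap and the staging overlay. If base.ini is the fallback for every environment (not visible here), one that misses the override would advertise a plain-HTTP localhost origin to browsers and to the CDN cache, and nothing would fail visibly. Consider leaving the base value empty so the app can skip the header or refuse to start outside dev. At minimum, add a comment above the key such as `# dev only: override with the exact https origin in every deployed environment`.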