diff --git a/tutor/templates/apps/openedx/settings/lms/production.py b/tutor/templates/apps/openedx/settings/lms/production.py
index c9e62fe094..3b98ea51c6 100644
--- a/tutor/templates/apps/openedx/settings/lms/production.py
+++ b/tutor/templates/apps/openedx/settings/lms/production.py
@@ -10,19 +10,6 @@
 ]
 CORS_ORIGIN_WHITELIST.append("{% if ENABLE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}")
-{% if ENABLE_HTTPS %}
-# Properly set the "secure" attribute on session/csrf cookies. This is required in
-# Chrome to support samesite=none cookies.
-SESSION_COOKIE_SECURE = True
-CSRF_COOKIE_SECURE = True
-SESSION_COOKIE_SAMESITE = "None"
-{% else %}
-# When we cannot provide secure session/csrf cookies, we must disable samesite=none
-SESSION_COOKIE_SECURE = False
-CSRF_COOKIE_SECURE = False
-SESSION_COOKIE_SAMESITE = "Lax"
-{% endif %}
-
 # CMS authentication
 IDA_LOGOUT_URI_LIST.append("{% if ENABLE_HTTPS %}https{% else %}http{% endif %}://{{ CMS_HOST }}/logout/")
diff --git a/tutor/templates/apps/openedx/settings/partials/common_all.py b/tutor/templates/apps/openedx/settings/partials/common_all.py
index 13f391ba5d..98a2dad477 100644
--- a/tutor/templates/apps/openedx/settings/partials/common_all.py
+++ b/tutor/templates/apps/openedx/settings/partials/common_all.py
@@ -162,7 +162,7 @@
 warnings.filterwarnings("ignore", category=DeprecationWarning, module="pgpy.constants")
 except ImportError:
 pass # If the warnings don't exist we don't need to filter them.
-
+
 # Email
 EMAIL_USE_SSL = {{ SMTP_USE_SSL }}
 # Forward all emails from edX's Automated Communication Engine (ACE) to django.
@@ -177,6 +177,19 @@
 # Allow the platform to include itself in an iframe
 X_FRAME_OPTIONS = "SAMEORIGIN"
+{% if ENABLE_HTTPS %}
+# Properly set the "secure" attribute on session/csrf cookies. This is required in
+# Chrome to support samesite=none cookies.
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+SESSION_COOKIE_SAMESITE = "None"
+{% else %}
+# When we cannot provide secure session/csrf cookies, we must disable samesite=none
+SESSION_COOKIE_SECURE = False
+CSRF_COOKIE_SECURE = False
+SESSION_COOKIE_SAMESITE = "Lax"
+{% endif %}
+
 {% set jwt_rsa_key | rsa_import_key %}{{ JWT_RSA_PRIVATE_KEY }}{% endset %}
 JWT_AUTH["JWT_ISSUER"] = "{{ JWT_COMMON_ISSUER }}"
 JWT_AUTH["JWT_AUDIENCE"] = "{{ JWT_COMMON_AUDIENCE }}"
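Review bot: `SESSION_COOKIE_SAMESITE = "None"` in the `ENABLE_HTTPS` branch now sits in `partials/common_all.py`, so it presumably applies to every settings module that includes this partial (CMS as well as LMS) rather than to LMS production only, and the comment above it explains the `Secure` requirement but not why cross-site delivery of the session cookie is wanted there. With SameSite=None the browser attaches the session cookie to cross-site requests, so CSRF protection rests on the CSRF token and origin checks alone; a comment such as `# SameSite=None is needed for <cross-site use case, confirm>; CSRF defence then depends on the CSRF token and trusted-origin checks` would record that trade-off. The block also leaves `CSRF_COOKIE_SAMESITE` unset in both branches, so the CSRF cookie keeps whatever value the base settings give it, and it is worth stating whether that is intended. If development settings include this partial too, `SESSION_COOKIE_SECURE = True` would make login depend on HTTPS there as well, which should be confirmed against the dev setup.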