Cors whitelist and SMTP

[xavierperez06]

Hello, and hope you are having a great day.

I'm trying to configure AWS SES, and everything seems ok, but when i try to send an email i got this error:

2023-01-18 13:55:03,010 INFO 23 [openedx.core.djangoapps.cors_csrf.helpers] [user 12] [ip REDACTED] helpers.py:64 - Origin 'https://courses.REDACTED' was not in CORS_ORIGIN_WHITELIST; full referer was 'https://courses.REDACTED/account/settings' and requested host was 'courses.REDACTED'; CORS_ORIGIN_ALLOW_ALL=False
[pid: 23|app: 0|req: 10/21] REDACTED () {74 vars in 3847 bytes} [Wed Jan 18 13:55:02 2023] POST /password_reset/ => generated 281 bytes in 575 msecs (HTTP/1.1 200) 8 headers in 535 bytes (1 switches on core 0)

I checked the values, and infact, the URL it's not in the config of the LMS pod.

But i have them in the settings_merge.yml file.

You have any idea on what is overwritting my config? I cannot find it.

Thanks

[lpm0073]

Hi Xavier, confirming that i experienced something similar last week in which my settings value for CORS_ORIGIN_WHITELIST in settings_merge.yml was ultimately ignored by tutor. i got around this (in my case) by adding a line like 'tutor config save -set ....' in the deployment workflow.

[xavierperez06]

Awesome, in which step? I ask because i tried this:

But didn't work...Maybe i'm doing something wrong?

[xavierperez06]

@lpm0073 it's weird... I added email configuration in the settings_merge file, and that setting is changed. But with CORS, i can't make it work. And can't test if emails and badges works due CORS not being configured.

[lpm0073]

This worked for me:

[lpm0073]

same as you, i added this step just before the "Dump tutor config" step

[xavierperez06]

Did you posted the correct image? The Disable all MFEs it's the same as mine... I don't see what lines did you added to make CORS works. It's driving me crazy haha

[lpm0073]

I've duplicated your results. note this screen shot of the contents of /openedx/config/lms.env.yml in the lms pod file system.

however, the contents of /openedx/edx-platform/envs/tutor/production.py illustrate how the original values from lms.env.yml are getting overwritten. i've traced these three lines to https://github.com/overhangio/tutor-mfe/blob/master/tutormfe/patches/openedx-lms-production-settings#L24

LOGIN_REDIRECT_WHITELIST.append("apps.learning.blend-ed.com")
CORS_ORIGIN_WHITELIST.append("http://apps.learning.blend-ed.com")
CSRF_TRUSTED_ORIGINS.append("apps.learning.blend-ed.com")`

farther down, in the CORS section you can see the origin of our problem, but i haven't found what is overwriting the original values.
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = False
CORS_ALLOW_INSECURE = True
CORS_ALLOW_HEADERS = corsheaders_default_headers + ('use-jwt-cookie',)
CORS_ORIGIN_WHITELIST = []

I did find the following in the tutor source: https://github.com/overhangio/tutor/blob/master/tutor/templates/apps/openedx/settings/partials/common_all.py#L205 but this matches the file contents in edx-platform, so i doubt that this is the cause of the problem.

[xavierperez06]

Hhmm... Yes, found the same thing that the content of /openedx/config/lms.env.yml in the lms pod file system is correct, but if i run ./manage.py lms diffsettings --all the values are wrong.

Still trying to found the source of the problem. Will let you know if i'm able to find anything.