refs FOO-437
flag=none
This provides a 'csp.global_whitelist' Setting that can be used to add
comma-separated list of domains to the CSP whitelist for all Accounts.
With this, Studio LTI launches (and video downloads) can be fixed by
`Setting.set('csp.global_whitelist', '*.instructuremedia.com')`.
This also gives Commons a path to fix its download issues, namely by
serving catridges from a subdomain of the tool's domain.
test plan:
= run `Setting.set('csp.global_whitelist', '*.instructuremedia.com')`
in a rails console
- install Studio as an LTI tool
- turn on CSP:
- go to https://<account>.instructure.com/accounts/self/settings/configurations
- click "Feature Options" tab
- ensure "Content Security Policy" is enabled
- click "Security" tab
- click "Enable Content Security Policy"
- launch Studio. it should work.
- go to a video you uploaded in Studio and click the Download button.
that should work, too.
Change-Id: I930b9b5ee5653cc5bbfd85b096f120fc21722e3a
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/246475
QA-Review: Ahmad Amireh <ahmad@instructure.com>
Product-Review: Ahmad Amireh <ahmad@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Ahmad Amireh <ahmad@instructure.com>
Cody Cutrer