Isolating Views by Site in edx-platform

Owned by Dave Ormsbee (Axim)
May 03, 2023
1 min read

For security reasons, there are things currently served by edx-platform that would be best separated into separate logical “sites”, even if they’re backed by the same process:

  • Django Admin (this URL could be something that is only accessible via VPN)

  • Studio REST APIs

  • LMS REST APIs

  • XBlock rendering

  • Serving course author uploaded static assets

We currently accomplish this for some of these use cases with a combination of:

  • separate config and processes (Studio and LMS)

  • nginx configuration (some instances use this for the Django admin isolation)

One of the key things we want to guard against is a course team authored JavaScript that can make API calls or trigger views in other parts of the LMS and Studio. We also don’t want the

Is this feasible to do at the Django Layer?

Say we had the following “sites”:

  • LMS REST APIs – lms.openedx-site.org

  • XBlock rendering – xblock.openedx-site.io

These are put in two totally different domains (openedx-site.org vs. openedx-site.io) so they can't share domain cookies.

 

Self notes:

  • Middleware that looks at view layer

  • Config that goes from site-patterns → allow/deny lists (by app or specific view)