From d178cd04f5a8cf867bf7e37ed7af5e4d6b84572d Mon Sep 17 00:00:00 2001 From: Amir Tadrisi Date: Wed, 15 Nov 2023 17:39:44 -0500 Subject: [PATCH 1/4] fix: Updated settings.py to dynamically populate ALLOWED_HOSTS using domains from the Django sites model --- lms/envs/production.py | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/lms/envs/production.py b/lms/envs/production.py index 2961092d3a19..1fd92d68032a 100644 --- a/lms/envs/production.py +++ b/lms/envs/production.py @@ -27,7 +27,9 @@ import yaml from corsheaders.defaults import default_headers as corsheaders_default_headers from django.core.exceptions import ImproperlyConfigured +from django.contrib.sites.models import Site from path import Path as path +from django.conf import settings from openedx.core.djangoapps.plugins import plugin_settings, constants as plugin_constants from openedx.core.lib.derived import derive_settings @@ -210,13 +212,17 @@ def get_env_setting(setting): CMS_BASE = ENV_TOKENS.get('CMS_BASE', 'studio.edx.org') -ALLOWED_HOSTS = [ - # TODO: bbeggs remove this before prod, temp fix to get load testing running - "*", - ENV_TOKENS.get('LMS_BASE'), - FEATURES['PREVIEW_LMS_BASE'], +# Fetching all domain names from the Site model +site_domains = [site.domain for site in Site.objects.all()] + +ALLOWED_HOSTS = site_domains + [ + ENV_TOKENS.get('LMS_BASE', ''), + FEATURES.get('PREVIEW_LMS_BASE', '') ] +# Ensure that no empty strings are in ALLOWED_HOSTS +ALLOWED_HOSTS = [host for host in ALLOWED_HOSTS if host] + # allow for environments to specify what cookie name our login subsystem should use # this is to fix a bug regarding simultaneous logins between edx.org and edge.edx.org which can # happen with some browsers (e.g. Firefox) From f7b38a0e4491dad9d0884fc4bf956d095ef60e41 Mon Sep 17 00:00:00 2001 
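Review bot: `site_domains = [site.domain for site in Site.objects.all()]` issues a database query while `lms/envs/production.py` is still being imported, which happens before Django's app registry is populated, so the `from django.contrib.sites.models import Site` added in the first hunk will normally fail with `AppRegistryNotReady` at startup rather than populate the list. PATCH 2/4 in this series already moves the lookup into `SitesConfig.ready()`; the two should be squashed so this intermediate revision is never deployed on its own. Independently of where it runs, the empty-string filter below the list is the only sanitisation applied to values read from the `Site` table, so a `domain` of `*` would silently reintroduce the wildcard this hunk removes — worth a `site.domain != '*'` guard and a comment saying the entries are trusted configuration.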
From: Amir Tadrisi Date: Wed, 15 Nov 2023 19:54:10 -0500 Subject: [PATCH 2/4] fix: Moved the dynamic population of ALLOWED_HOSTS to the ready() method --- lms/envs/production.py | 10 +--------- openedx/core/djangoapps/appsembler/sites/apps.py | 5 +++++ 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/lms/envs/production.py b/lms/envs/production.py index 1fd92d68032a..9bd2e51c1183 100644 --- a/lms/envs/production.py +++ b/lms/envs/production.py @@ -27,9 +27,7 @@ import yaml from corsheaders.defaults import default_headers as corsheaders_default_headers from django.core.exceptions import ImproperlyConfigured -from django.contrib.sites.models import Site from path import Path as path -from django.conf import settings from openedx.core.djangoapps.plugins import plugin_settings, constants as plugin_constants from openedx.core.lib.derived import derive_settings @@ -212,17 +210,11 @@ def get_env_setting(setting): CMS_BASE = ENV_TOKENS.get('CMS_BASE', 'studio.edx.org') -# Fetching all domain names from the Site model -site_domains = [site.domain for site in Site.objects.all()] - -ALLOWED_HOSTS = site_domains + [ +ALLOWED_HOSTS = [ ENV_TOKENS.get('LMS_BASE', ''), FEATURES.get('PREVIEW_LMS_BASE', '') ] -# Ensure that no empty strings are in ALLOWED_HOSTS -ALLOWED_HOSTS = [host for host in ALLOWED_HOSTS if host] - # allow for environments to specify what cookie name our login subsystem should use # this is to fix a bug regarding simultaneous logins between edx.org and edge.edx.org which can # happen with some browsers (e.g. Firefox) diff --git a/openedx/core/djangoapps/appsembler/sites/apps.py b/openedx/core/djangoapps/appsembler/sites/apps.py index 90e791c716ce..cf918385307f 100644 --- a/openedx/core/djangoapps/appsembler/sites/apps.py +++ b/openedx/core/djangoapps/appsembler/sites/apps.py 
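Review bot: With the empty-string filter dropped, `ALLOWED_HOSTS` keeps a `''` entry whenever `LMS_BASE` or `PREVIEW_LMS_BASE` is unset; it never matches a host, but it makes the list look populated when it is effectively empty and every request would then be rejected as `DisallowedHost`. More importantly, this list is the object that `SitesConfig.ready()` (second file in this commit) mutates with `.extend`, so any later settings layer that rebinds `ALLOWED_HOSTS` — a derived setting, a YAML override, or a tuple — silently detaches it from the Site-domain additions or breaks `.extend`. A short comment here, e.g. `# Extended at startup with Site-model domains in SitesConfig.ready(); keep this a list and do not rebind it.`, would guard against that, and restoring `ALLOWED_HOSTS = [host for host in ALLOWED_HOSTS if host]` keeps the list honest.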
@@ -10,8 +10,13 @@ class SitesConfig(AppConfig): def ready(self): from openedx.core.djangoapps.appsembler.sites.models import patched_clear_site_cache from openedx.core.djangoapps.site_configuration.models import SiteConfiguration + from django.contrib.sites.models import Site + from django.conf import settings from .config_values_modifier import init_configuration_modifier_for_site_config pre_save.connect(patched_clear_site_cache, sender=SiteConfiguration) post_init.connect(init_configuration_modifier_for_site_config, sender=SiteConfiguration) + # Update ALLOWED_HOSTS based on Site model + site_domains = [site.domain for site in Site.objects.all()] + settings.ALLOWED_HOSTS.extend(site_domains) From 196c141f2b72c0529ed4e8dfe4dff250fb203cbc Mon Sep 17 00:00:00 2001 From: Bryan Wilson Date: Mon, 11 Dec 2023 13:55:00 -0800 Subject: [PATCH 3/4] Add alternative domains to ALLOWED_HOSTS need to allow requests from customer custom domains --- openedx/core/djangoapps/appsembler/sites/apps.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/openedx/core/djangoapps/appsembler/sites/apps.py b/openedx/core/djangoapps/appsembler/sites/apps.py index cf918385307f..09f4118b7c8a 100644 --- a/openedx/core/djangoapps/appsembler/sites/apps.py +++ b/openedx/core/djangoapps/appsembler/sites/apps.py 
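Review bot: `Site.objects.all()` is evaluated inside `ready()`, which Django runs for every management command and process start — including `migrate` on a fresh database where the `django_site` table does not exist yet — so startup would abort with a database error instead of merely missing a domain, and Django's own documentation warns against querying in `ready()`. Wrap the lookup in `try`/`except DatabaseError` (imported from `django.db` alongside the other local imports) and fall back to an empty list, and state in the comment that the result is a snapshot: a `Site` created later is not allowed until the process restarts. `Site.domain` values are also appended unvalidated, so a row holding `*` restores the wildcard this series removes; skipping `*` and empty strings here is cheap. The `SitesConfig` class header lies outside this hunk.
```python
    # … unchanged: local imports and signal connections …
    # Update ALLOWED_HOSTS based on Site model. The table may be missing
    # (e.g. during the first `migrate`), and the result is a snapshot taken
    # at startup: sites created later are only allowed after a restart.
    try:
        site_domains = [
            site.domain for site in Site.objects.all()
            if site.domain and site.domain != '*'
        ]
    except DatabaseError:
        site_domains = []
    settings.ALLOWED_HOSTS.extend(site_domains)
```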
@@ -12,11 +12,20 @@ def ready(self): from openedx.core.djangoapps.site_configuration.models import SiteConfiguration from django.contrib.sites.models import Site from django.conf import settings + from django.core.exceptions import ObjectDoesNotExist from .config_values_modifier import init_configuration_modifier_for_site_config pre_save.connect(patched_clear_site_cache, sender=SiteConfiguration) post_init.connect(init_configuration_modifier_for_site_config, sender=SiteConfiguration) # Update ALLOWED_HOSTS based on Site model - site_domains = [site.domain for site in Site.objects.all()] + site_domains = [] + sites = Site.objects.all() + for site in sites: + site_domains.append(site.domain) + try: + alt_domain = site.alternative_domain + site_domains.append(alt_domain) + except ObjectDoesNotExist: + continue settings.ALLOWED_HOSTS.extend(site_domains) From 88217c3af768b9f4af6d46ffc575f00e9bac0ce4 Mon Sep 17 00:00:00 2001 From: Amir Tadrisi Date: Sat, 27 Jan 2024 17:08:17 -0500 Subject: [PATCH 4/4] Limit ALLOWED HOSTS for CMS --- cms/envs/production.py | 6 +++--- lms/envs/production.py | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/cms/envs/production.py b/cms/envs/production.py index 36916f1e6a7f..591da7658cdb 100644 --- a/cms/envs/production.py +++ b/cms/envs/production.py @@ -192,9 +192,9 @@ def get_env_setting(setting): SITE_NAME = ENV_TOKENS['SITE_NAME'] ALLOWED_HOSTS = [ - # TODO: bbeggs remove this before prod, temp fix to get load testing running - "*", - CMS_BASE, + ENV_TOKENS.get('LMS_BASE', ''), + ENV_TOKENS.get('CMS_BASE', ''), + FEATURES.get('PREVIEW_LMS_BASE', '') ] LOG_DIR = ENV_TOKENS['LOG_DIR'] diff --git a/lms/envs/production.py b/lms/envs/production.py index 9bd2e51c1183..fb77cbb36be1 100644 --- a/lms/envs/production.py +++ b/lms/envs/production.py @@ -212,6 +212,7 @@ def get_env_setting(setting): ALLOWED_HOSTS = [ ENV_TOKENS.get('LMS_BASE', ''), + ENV_TOKENS.get('CMS_BASE', ''), FEATURES.get('PREVIEW_LMS_BASE', '') ]
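Review bot: `site_domains.append(alt_domain)` stores whatever `site.alternative_domain` evaluates to; the surrounding `except ObjectDoesNotExist` suggests a reverse one-to-one accessor, and if so the value is a model instance rather than a hostname, which Django's host check (`is_same_domain` calls `pattern.lower()` on each entry) will raise on instead of matching. Append the related object's domain string instead, e.g. `site_domains.append(site.alternative_domain.<domain field>)`, confirming the field name against the related model, which is not on this page. The trailing `continue` is the last statement in the loop body and can go, and the per-site attribute access issues one query per `Site`; if the relation is a one-to-one, `Site.objects.select_related('alternative_domain')` folds them into a single query. `ready()` begins before this hunk.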
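Review bot: In `cms/envs/production.py`, each `.get(..., '')` leaves an empty string in `ALLOWED_HOSTS` when the token is absent, and unlike the `lms` change in PATCH 1/4 nothing filters them out; they never match a host, but they make the list look populated when it may effectively be empty, in which case every request is rejected as `DisallowedHost`. Add `ALLOWED_HOSTS = [host for host in ALLOWED_HOSTS if host]` after the list and consider raising `ImproperlyConfigured` if it ends up empty. Replacing the `CMS_BASE` name with `ENV_TOKENS.get('CMS_BASE', '')` also drops any default that `CMS_BASE` carries earlier in this file (`lms/envs/production.py` defaults it to 'studio.edx.org'); if Studio is expected to work without that token, reuse `CMS_BASE` here.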