Closed ssciolla closed 2 years ago
Merging, so we can test with a deployment.
I will QA this
I did not see any LTI launch oddities when changing cors to false/true. I tested this from multiple browser (Chrome, Edge) and things seems to be fine.
I think we can make it cors toggle as configurable. But I don't think it is needed based on my testing.
The PR aims to resolve #307.
Notes:
I'm requesting reviews from the entire development team, as this is a minuscule code change and others may have expertise regarding LTI and web security to contribute. See issue for details.