IllumiDesk · rupeshparab · Aug 23, 2021 · Aug 22, 2021 · gzuidhof · Aug 23, 2021
diff --git a/formgradernext/handlers.py b/formgradernext/handlers.py
@@ -14,6 +14,8 @@
 from notebook.notebookapp import NotebookApp
 from notebook.utils import url_path_join as ujoin
 
+from .middleware import coop_coep_headers
+
 lms_version = os.environ.get("LMS_VERSION") or "0.1.0"
 
 template_response = requests.get(
@@ -23,11 +25,17 @@
     "</head>", '<script>var base_url = "{{ base_url }}";</script></head>'
 )
 
+# Hack(@gzuidhof): We need this until the index file in the bundle itself contains crossorigin (or crossorigin="anonymous") tags
+# we need to specify crossorigin assets specifically due to the COOP and COEP headers.
+template_html = template_html.replace("<script ", "<script crossorigin ")
+template_html = template_html.replace("<link ", "<link crossorigin ")
+
 
 class LMSHandler(BaseHandler):
     @web.authenticated
     @check_xsrf
     @check_notebook_dir
+    @coop_coep_headers
     def get(self):
         html = (
             Environment(loader=BaseLoader)
@@ -46,6 +54,7 @@ def get(self):
 
 handlers = [
     (r"/formgradernext/?", LMSHandler),
+    (r"/formgradernext/.*", LMSHandler),
 ]
 
 

diff --git a/formgradernext/middleware.py b/formgradernext/middleware.py
@@ -0,0 +1,16 @@
+from functools import wraps
+from tornado.web import RequestHandler
+
+
+def coop_coep_headers(f):
+    """
+    Sets the COOP and COEP headers, which are required for cross origin isolation (which unlocks
+    certain features in embedded Starboard Notebook frames). These headers need to be present
+    all the way down (i.e. in the top level webpage, as well as )
+    """
+    @wraps(f)
+    def handle(self: RequestHandler, *args, **kwargs):
+        self.set_header("Cross-Origin-Embedder-Policy", "require-corp")
+        self.set_header("Cross-Origin-Opener-Policy", "same-origin")
+        return f(self, *args, **kwargs)
+    return handle