Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-50107

Allow Cross-Site requests on token.php

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.8.5, 2.9, 3.0
    • 2.8.7, 2.9.1
    • Web Services
    • MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
    • MOODLE_28_STABLE, MOODLE_29_STABLE
    • MDL-50107-master
    • Hide
      1. In your Moodle site enable "Mobile services": Plugins ► Web Services ► Mobile
      2. Please, use the attached cors.html file for testing.
      3. You should open that file in a browser (chrome, safari or firefox) using the "File -> Open file" an ensure that the file is opened under the file:// protocol
      4. Enter your site details and your username/password and click Test!
      5. Under the Response.. text you should see a json encoded string contained a generated wstoken
      Show
      In your Moodle site enable "Mobile services": Plugins ► Web Services ► Mobile Please, use the attached cors.html file for testing. You should open that file in a browser (chrome, safari or firefox) using the "File -> Open file" an ensure that the file is opened under the file:// protocol Enter your site details and your username/password and click Test! Under the Response.. text you should see a json encoded string contained a generated wstoken

    Description

      All the WS calls declare the header 'Access-Control-Allow-Origin: *'; however token.php does not. But that last one is used to initiate the authenticate process with Moodle (HEAD request) which is blocked by the browsers.

      To replicate, add a site with a browser that did not disable CORS.

      Attachments

        Issue Links

          Activity

            People

              jleyva Juan Leyva
              fred Frédéric Massart
              Frédéric Massart Frédéric Massart
              Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
              Rajesh Taneja Rajesh Taneja
              Juan Leyva, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                6/Jul/15