Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-50107

Allow Cross-Site requests on token.php

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.8.5, 2.9, 3.0
    • Fix Version/s: 2.8.7, 2.9.1
    • Component/s: Web Services
    • Labels:
    • Testing Instructions:
      Hide
      1. In your Moodle site enable "Mobile services": Plugins ► Web Services ► Mobile
      2. Please, use the attached cors.html file for testing.
      3. You should open that file in a browser (chrome, safari or firefox) using the "File -> Open file" an ensure that the file is opened under the file:// protocol
      4. Enter your site details and your username/password and click Test!
      5. Under the Response.. text you should see a json encoded string contained a generated wstoken
      Show
      In your Moodle site enable "Mobile services": Plugins ► Web Services ► Mobile Please, use the attached cors.html file for testing. You should open that file in a browser (chrome, safari or firefox) using the "File -> Open file" an ensure that the file is opened under the file:// protocol Enter your site details and your username/password and click Test! Under the Response.. text you should see a json encoded string contained a generated wstoken
    • Affected Branches:
      MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
    • Fixed Branches:
      MOODLE_28_STABLE, MOODLE_29_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-50107-master
    • Pull Master Diff URL:
    • Documentation link:

      Description

      All the WS calls declare the header 'Access-Control-Allow-Origin: *'; however token.php does not. But that last one is used to initiate the authenticate process with Moodle (HEAD request) which is blocked by the browsers.

      To replicate, add a site with a browser that did not disable CORS.

        Attachments

          Issue Links

          has a non-specific relationship to

          Improvement - An enhancement to an existing Moodle feature. MDL-47545 Enable cross origin requests in the Web Service REST server

          • Minor - Minor loss of function where workaround is possible
          • Closed
          will help resolve

          Improvement - An enhancement to an existing Moodle feature. MDL-50108 Allow cross domain access for token.php page

          • Minor - Minor loss of function where workaround is possible
          • Closed

            Activity

              People

              Assignee:
              jleyva Juan Leyva
              Reporter:
              fred Frédéric Massart
              Peer reviewer:
              Frédéric Massart
              Integrator:
              Eloy Lafuente (stronk7)
              Tester:
              Rajesh Taneja
              Participants:
              Component watchers:
              Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                6/Jul/15