[MDL-50107] Allow Cross-Site requests on token.php - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.8.5, 2.9, 3.0
Fix Version/s: 2.8.7, 2.9.1
Component/s: Web Services
Labels:
- ci
- triaged

Testing Instructions:
Hide

In your Moodle site enable "Mobile services": Plugins ► Web Services ► Mobile

Please, use the attached cors.html file for testing.

You should open that file in a browser (chrome, safari or firefox) using the "File -> Open file" an ensure that the file is opened under the file:// protocol

Enter your site details and your username/password and click Test!

Under the Response.. text you should see a json encoded string contained a generated wstoken
Show
In your Moodle site enable "Mobile services": Plugins ► Web Services ► Mobile Please, use the attached cors.html file for testing. You should open that file in a browser (chrome, safari or firefox) using the "File -> Open file" an ensure that the file is opened under the file:// protocol Enter your site details and your username/password and click Test! Under the Response.. text you should see a json encoded string contained a generated wstoken
Affected Branches:
MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
Fixed Branches:
MOODLE_28_STABLE, MOODLE_29_STABLE
Pull from Repository:
git://github.com/jleyva/moodle.git
Pull Master Branch:
~~MDL-50107~~-master
Pull Master Diff URL:
https://github.com/jleyva/moodle/compare/17abbfb...MDL-50107-master
Documentation link:
https://docs.moodle.org/dev/Web_service_API_functions#Web_service_protocols

Description

All the WS calls declare the header 'Access-Control-Allow-Origin: *'; however token.php does not. But that last one is used to initiate the authenticate process with Moodle (HEAD request) which is blocked by the browsers.

To replicate, add a site with a browser that did not disable CORS.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

cors.html
1 kB
11/Jun/15 12:56 AM

Issue Links

has a non-specific relationship to

MDL-47545 Enable cross origin requests in the Web Service REST server

Closed

will help resolve

MDL-50108 Allow cross domain access for token.php page

Closed

Activity

People

Assignee:

Juan Leyva

Reporter:

Frédéric Massart

Peer reviewer:

Frédéric Massart

Integrator:

Eloy Lafuente (stronk7)

Tester:

Rajesh Taneja

Participants:

CiBoT, Dan Poltawski, Eloy Lafuente (stronk7), Frédéric Massart, Juan Leyva, Rajesh Taneja

Component watchers:

Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

05/May/15 3:07 AM

Updated:

16/Oct/15 12:57 AM

Resolved:

19/Jun/15 7:19 AM

Fix Release Date:

6/Jul/15