Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 2.8.5, 2.9, 3.0
-
Component/s: Web Services
-
Testing Instructions:
-
Affected Branches:MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
-
Fixed Branches:MOODLE_28_STABLE, MOODLE_29_STABLE
-
Pull from Repository:
-
Pull Master Branch:
MDL-50107-master -
Pull Master Diff URL:
-
Documentation link:
Description
All the WS calls declare the header 'Access-Control-Allow-Origin: *'; however token.php does not. But that last one is used to initiate the authenticate process with Moodle (HEAD request) which is blocked by the browsers.
To replicate, add a site with a browser that did not disable CORS.