Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-50783

Allow some ajax external functions to be called without a session

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      Go to the template library, open the browser dev tools and watch the network tab.

      Click some template names, and verify the ajax requests are being served through /lib/ajax/service-nologin.php

      In another tab logout - from the admin tool, without refreshing the page, continue to click template names - the page should keep working and not throw any errors.

      Show
      Go to the template library, open the browser dev tools and watch the network tab. Click some template names, and verify the ajax requests are being served through /lib/ajax/service-nologin.php In another tab logout - from the admin tool, without refreshing the page, continue to click template names - the page should keep working and not throw any errors.
    • Affected Branches:
      MOODLE_29_STABLE
    • Fixed Branches:
      MOODLE_30_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-50783-master

      Description

      There are some external functions that return static data that is completely public. Examples are language strings and templates. If we create a second entry point for these scripts, and introduce a new field to the services.php array to mark the functions that are safe to call this way, we can improve performance. This new script would not lock the session, so it could handle parallel requests - and it would be able to verify whether or not to allow calling this external function in this way.

      An alternative design that was discussed was to have a second ajax.php file in db/ for each component and bypass the webservices for these ajax functions - but I (Damo) would like to encourage/test the webservices framework alongside the ajax external functions.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  16/Nov/15