-
Improvement
-
Resolution: Fixed
-
Minor
-
2.9.1
-
MOODLE_29_STABLE
-
MOODLE_30_STABLE
-
MDL-50783-master -
There are some external functions that return static data that is completely public. Examples are language strings and templates. If we create a second entry point for these scripts, and introduce a new field to the services.php array to mark the functions that are safe to call this way, we can improve performance. This new script would not lock the session, so it could handle parallel requests - and it would be able to verify whether or not to allow calling this external function in this way.
An alternative design that was discussed was to have a second ajax.php file in db/ for each component and bypass the webservices for these ajax functions - but I (Damo) would like to encourage/test the webservices framework alongside the ajax external functions.
- blocks
-
MDL-49279 Add support in moodle plugins for exporting "Mobile app addons"
- Closed
- has a non-specific relationship to
-
MDL-50784 Any external function that is exposed to ajax could be vulnerable to CSRF
- Closed
-
MDL-50032 Allow external functions to add themselves into services
- Closed
- has been marked as being related by
-
MDL-50782 /lib/ajax/service.php should not call require_login
- Closed
- is blocked by
-
MDL-50782 /lib/ajax/service.php should not call require_login
- Closed