Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51588

Allow Cross-Origin requests in webservice/pluginfile.php

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.9.2
    • 2.8.9, 2.9.3
    • Web Services
    • MOODLE_29_STABLE
    • MOODLE_28_STABLE, MOODLE_29_STABLE
    • MDL-51588-master
    • Hide
      1. Create a new mod_page with image
      2. Do one of the following tests

      Test with Mobile app code

      1. Access the mod_page using Chromium
      2. Confirm that the content of the page is displayed

      Manual test

      1. Extract the SRC of an image of your page (pluginfile.php? ...)
      2. Replace /pluginfile.php with webservice/pluginfile.php in the SRC
      3. Add ?token=TOKEN to SRC using a token that you previously generated, the token should belong to a use who can view the image (admin user for instance)
      4. curl -I SRC
      5. Make sure "Access-Control-Allow-Origin: *" is present in the response headers.
      Show
      Create a new mod_page with image Do one of the following tests Test with Mobile app code Access the mod_page using Chromium Confirm that the content of the page is displayed Manual test Extract the SRC of an image of your page (pluginfile.php? ...) Replace /pluginfile.php with webservice/pluginfile.php in the SRC Add ?token=TOKEN to SRC using a token that you previously generated, the token should belong to a use who can view the image (admin user for instance) curl -I SRC Make sure "Access-Control-Allow-Origin: *" is present in the response headers.

    Description

      All the WS calls declare the header 'Access-Control-Allow-Origin: *'; however pluginfile.php does not. The latter is used when retrieving files from WS and can be problematic when used in a browser.

      To replicate access a mod_page with Chromium/Chrome.

      Attachments

        Issue Links

          Discovered while testing

          Improvement - An enhancement to an existing Moodle feature. MOBILE-1233 View scaled image at full size

          • Minor - Minor loss of function where workaround is possible
          • Closed
          has a non-specific relationship to

          Improvement - An enhancement to an existing Moodle feature. MDL-47545 Enable cross origin requests in the Web Service REST server

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Activity

            People

              fred Frédéric Massart
              fred Frédéric Massart
              Juan Leyva Juan Leyva
              Dan Poltawski Dan Poltawski
              John Okely John Okely
              Juan Leyva, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                9/Nov/15