Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51588

Allow Cross-Origin requests in webservice/pluginfile.php

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.9.2
    • Fix Version/s: 2.8.9, 2.9.3
    • Component/s: Web Services
    • Labels:
    • Testing Instructions:
      Hide
      1. Create a new mod_page with image
      2. Do one of the following tests

      Test with Mobile app code

      1. Access the mod_page using Chromium
      2. Confirm that the content of the page is displayed

      Manual test

      1. Extract the SRC of an image of your page (pluginfile.php? ...)
      2. Replace /pluginfile.php with webservice/pluginfile.php in the SRC
      3. Add ?token=TOKEN to SRC using a token that you previously generated, the token should belong to a use who can view the image (admin user for instance)
      4. curl -I SRC
      5. Make sure "Access-Control-Allow-Origin: *" is present in the response headers.
      Show
      Create a new mod_page with image Do one of the following tests Test with Mobile app code Access the mod_page using Chromium Confirm that the content of the page is displayed Manual test Extract the SRC of an image of your page (pluginfile.php? ...) Replace /pluginfile.php with webservice/pluginfile.php in the SRC Add ?token=TOKEN to SRC using a token that you previously generated, the token should belong to a use who can view the image (admin user for instance) curl -I SRC Make sure "Access-Control-Allow-Origin: *" is present in the response headers.
    • Affected Branches:
      MOODLE_29_STABLE
    • Fixed Branches:
      MOODLE_28_STABLE, MOODLE_29_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-51588-master

      Description

      All the WS calls declare the header 'Access-Control-Allow-Origin: *'; however pluginfile.php does not. The latter is used when retrieving files from WS and can be problematic when used in a browser.

      To replicate access a mod_page with Chromium/Chrome.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              fred Frédéric Massart
              Reporter:
              fred Frédéric Massart
              Peer reviewer:
              Juan Leyva
              Integrator:
              Dan Poltawski
              Tester:
              John Okely
              Participants:
              Component watchers:
              Juan Leyva, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                9/Nov/15