Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51588

Allow Cross-Origin requests in webservice/pluginfile.php

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.9.2
    • Fix Version/s: 2.8.9, 2.9.3
    • Component/s: Web Services
    • Labels:
    • Testing Instructions:
      Hide
      1. Create a new mod_page with image
      2. Do one of the following tests

      Test with Mobile app code

      1. Access the mod_page using Chromium
      2. Confirm that the content of the page is displayed

      Manual test

      1. Extract the SRC of an image of your page (pluginfile.php? ...)
      2. Replace /pluginfile.php with webservice/pluginfile.php in the SRC
      3. Add ?token=TOKEN to SRC using a token that you previously generated, the token should belong to a use who can view the image (admin user for instance)
      4. curl -I SRC
      5. Make sure "Access-Control-Allow-Origin: *" is present in the response headers.
      Show
      Create a new mod_page with image Do one of the following tests Test with Mobile app code Access the mod_page using Chromium Confirm that the content of the page is displayed Manual test Extract the SRC of an image of your page (pluginfile.php? ...) Replace /pluginfile.php with webservice/pluginfile.php in the SRC Add ?token=TOKEN to SRC using a token that you previously generated, the token should belong to a use who can view the image (admin user for instance) curl -I SRC Make sure "Access-Control-Allow-Origin: *" is present in the response headers.
    • Affected Branches:
      MOODLE_29_STABLE
    • Fixed Branches:
      MOODLE_28_STABLE, MOODLE_29_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-51588-master

      Description

      All the WS calls declare the header 'Access-Control-Allow-Origin: *'; however pluginfile.php does not. The latter is used when retrieving files from WS and can be problematic when used in a browser.

      To replicate access a mod_page with Chromium/Chrome.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                fred Frédéric Massart
                Reporter:
                fred Frédéric Massart
                Peer reviewer:
                Juan Leyva
                Integrator:
                Dan Poltawski
                Tester:
                John Okely
                Participants:
                Component watchers:
                Juan Leyva, Jake Dallimore, Jun Pataleta, Ryan Wyllie
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  9/Nov/15