Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-51588

Allow Cross-Origin requests in webservice/pluginfile.php

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.9.2
    • 2.8.9, 2.9.3
    • Web Services
    • MOODLE_29_STABLE
    • MOODLE_28_STABLE, MOODLE_29_STABLE
    • MDL-51588-master
    • Hide
      1. Create a new mod_page with image
      2. Do one of the following tests

      Test with Mobile app code

      1. Access the mod_page using Chromium
      2. Confirm that the content of the page is displayed

      Manual test

      1. Extract the SRC of an image of your page (pluginfile.php? ...)
      2. Replace /pluginfile.php with webservice/pluginfile.php in the SRC
      3. Add ?token=TOKEN to SRC using a token that you previously generated, the token should belong to a use who can view the image (admin user for instance)
      4. curl -I SRC
      5. Make sure "Access-Control-Allow-Origin: *" is present in the response headers.
      Show
      Create a new mod_page with image Do one of the following tests Test with Mobile app code Access the mod_page using Chromium Confirm that the content of the page is displayed Manual test Extract the SRC of an image of your page (pluginfile.php? ...) Replace /pluginfile.php with webservice/pluginfile.php in the SRC Add ?token=TOKEN to SRC using a token that you previously generated, the token should belong to a use who can view the image (admin user for instance) curl -I SRC Make sure "Access-Control-Allow-Origin: *" is present in the response headers.

    Description

      All the WS calls declare the header 'Access-Control-Allow-Origin: *'; however pluginfile.php does not. The latter is used when retrieving files from WS and can be problematic when used in a browser.

      To replicate access a mod_page with Chromium/Chrome.

      Attachments

        Issue Links

          Discovered while testing

          Improvement - An enhancement to an existing Moodle feature. MOBILE-1233 View scaled image at full size

          • Minor - Minor loss of function where workaround is possible
          • Closed
          has a non-specific relationship to

          Improvement - An enhancement to an existing Moodle feature. MDL-47545 Enable cross origin requests in the Web Service REST server

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Activity

            People

              fred Frédéric Massart
              fred Frédéric Massart
              Juan Leyva Juan Leyva
              Dan Poltawski Dan Poltawski
              John Okely John Okely
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                9/Nov/15