  1. Moodle
  2. MDL-52902

CORS header should be sent before the parameters validation


    • MOODLE_29_STABLE, MOODLE_30_STABLE
    • MOODLE_29_STABLE, MOODLE_30_STABLE
    • MDL-52902-master
      1. In your Moodle site enable "Mobile services": Plugins ► Web Services ► Mobile
      2. Please, use the attached cors.html file for testing.
      3. You should open that file in a browser (Chrome, Safari or Firefox) using "File -> Open file" and ensure that the file is opened under the file:// protocol
      4. Enter your site details and your username/password and click Test!
      5. Under the Response.. text you should see a JSON-encoded string containing a generated wstoken
      6. Try to use an invalid password; you should see an exception
      7. Now, leave the username and password fields empty and click Test!; you should see a missingparam exception

      In login/token.php we send the CORS headers after the parameter validation. This is causing problems on some sites using the Mobile app, because to make it work we need to simulate a fake login attempt to bypass the required_parameter checks (if we omit the username/password we get an error before the CORS request), and this makes Moodle log some invalid login attempts.

      The CORS header must be moved above to avoid this; in this way, we'll be able to check if the script is reachable without passing fake parameters.

            jleyva Juan Leyva
            jleyva Juan Leyva
            Simey Lameze Simey Lameze
            David Monllaó David Monllaó
            John Okely John Okely
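
The ordering problem described in this issue, as an added example that is not Moodle's code and not part of the original report: a constructed model of a token endpoint and of the browser's cross-origin read check, run for both header orderings. The function names, the sample account, the token value and the `*` header value are assumptions made for illustration.

```javascript
// Constructed model, not Moodle source. All names below are hypothetical.
const USERS = { alice: 'correct-password' };   // constructed sample account

// Simplified token endpoint. corsFirst=false models the ordering the issue
// describes (CORS header sent after parameter validation); true models the
// proposed ordering (header sent before validation).
function tokenEndpoint(params, corsFirst, log) {
  const headers = {};
  // Assumption: the endpoint allows any origin, which a file:// page needs.
  const sendCors = () => { headers['Access-Control-Allow-Origin'] = '*'; };
  if (corsFirst) sendCors();
  if (!params.username || !params.password) {
    // Validation aborts the script here, before any later header is sent.
    return { headers, body: { error: 'missingparam' } };
  }
  if (!corsFirst) sendCors();
  if (USERS[params.username] !== params.password) {
    log.push(`failed login: ${params.username}`);   // what the site admin sees
    return { headers, body: { error: 'invalidlogin' } };
  }
  return { headers, body: { token: 'constructed-wstoken' } };
}

// What a cross-origin page can read: without the CORS header the browser
// withholds the response, so the script cannot tell it from an unreachable site.
function browserRead(response) {
  return response.headers['Access-Control-Allow-Origin'] === '*'
    ? response.body
    : { error: 'blocked-by-cors' };
}

// Reachability probe as a client would run it; returns what the page's script
// sees and how many failed logins the server recorded as a side effect.
function probe(corsFirst, params) {
  const log = [];
  const seen = browserRead(tokenEndpoint(params, corsFirst, log));
  return { seen, failedLogins: log.length };
}

// Old ordering, empty probe: unreadable. Old ordering, fake credentials:
// readable but logs a failed login. New ordering, empty probe: readable, no log.
console.log(probe(false, {}));
console.log(probe(false, { username: 'probe', password: 'probe' }));
console.log(probe(true, {}));
```
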