-
Bug
-
Resolution: Fixed
-
Minor
-
2.9.4, 3.0.2
-
MOODLE_29_STABLE, MOODLE_30_STABLE
-
MOODLE_29_STABLE, MOODLE_30_STABLE
-
MDL-52902-master -
In login/token.php we send a CORS headers after the parameters validation, this is causing some problem in some sites using the Mobile app because to make it work we need to simulate a fake login attempt to bypass the required_parameter checks (if we omit the username/password we got an error before the CORS request), this makes Moodle to log some invalid login attempts.
The CORS header must be moved about to avoid this, in this way, we'll be able to check if the script is reachable without passing fake parameters.