[MDL-60424] Allow Cross-Origin requests in webservice/upload.php (backport of MDL-60302) - Moodle Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.3.2
Fix Version/s: 3.2.6, 3.3.3
Component/s: Web Services
Labels:

Affected Branches:
MOODLE_33_STABLE
Fixed Branches:
MOODLE_32_STABLE, MOODLE_33_STABLE
Pull from Repository:
git://github.com/jleyva/moodle.git
Testing Instructions:
Hide

As admin, enable "Mobile services": Site administration ► Mobile app ► Mobile settings

Create a Token in the mobile app service for one user:

Click on Site administration ► Plugins ► Web services ► Manage tokens

Unzip the attached zip file

Edit the unzipped js/script.js file, look for the line starting by oXHR.open('POST', and change the Moodle URL with your one, replace the token with the token generated in step 2

Open the unzipped index.html in a browser

Upload a file via the index.html form and check that you receive a JSON response where you will be able to find attributes like the draft itemid, filename, contextid, userid and other values

If you try to upload a file without the patch applied you will get an error
Show
As admin, enable "Mobile services": Site administration ► Mobile app ► Mobile settings Create a Token in the mobile app service for one user: Click on Site administration ► Plugins ► Web services ► Manage tokens Unzip the attached zip file Edit the unzipped js/script.js file, look for the line starting by oXHR.open('POST', and change the Moodle URL with your one, replace the token with the token generated in step 2 Open the unzipped index.html in a browser Upload a file via the index.html form and check that you receive a JSON response where you will be able to find attributes like the draft itemid, filename, contextid, userid and other values If you try to upload a file without the patch applied you will get an error

Description

It should be completely safe to apply ~~MDL-60302~~ in previous Moodle versions.

This functionality if especially handy for uploading files via AJAX in webapps.

Attachments

Issue Links

has been marked as being related by

MDL-60302 Allow Cross-Origin requests in webservice/upload.php

Closed

Activity

People

Assignee:: Juan Leyva

Reporter:: Juan Leyva

Peer reviewer:: Pau Ferrer

Integrator:: David Monllaó

Tester:: Simey Lameze

Participants:: CiBoT, David Monllaó, Eloy Lafuente (stronk7), Juan Leyva, Pau Ferrer, Simey Lameze

Component watchers:: Juan Leyva, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 13/Oct/17 4:03 AM

Updated:: 09/Nov/17 3:01 AM

Resolved:: 09/Nov/17 3:01 AM

Fix Release Date:: 13/Nov/17