Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-63093

Preserving links to on-platform content with a dynamically set wwwroot

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.1.13, 3.3.7, 3.4.4, 3.5.1
    • Fix Version/s: None
    • Component/s: Caching, Course
    • Labels:
      None

      Description

      With this ticket I'm hoping to reach consensus on what, if anything, Moodle can do to simplify multi-tenancy of a single Moodle instance operating across multiple domains or subdomains. I appreciate that this isn't currently a supported configuration and that there may be technical reasons that this is the case.

      Use case

      1. Sharing a single Moodle deployment (shared source, database and cache) for use by multiple tenants.
      2. Providing access to a Moodle platform via different addresses (e.g. a school providing separate WAN/LAN configurations).

      In this case you may set $CFG->wwwroot along the lines of the following, allowing dynamic assignment based on the contents of the request. Note that there's a need to validate the supplied Host header in the server configuration!

      // Fall back to a wwwroot of http://demo.moodle.org in the event these values aren't available, e.g. on cron runs.
      $CFG->wwwroot = ''
              . (((array_key_exists('REQUEST_SCHEME', $_SERVER) && $_SERVER['REQUEST_SCHEME'] === 'https') || !empty($CFG->sslproxy)) ? 'https' : 'http')
              . '://'
              . (array_key_exists('HTTP_HOST', $_SERVER) ? $_SERVER['HTTP_HOST'] : 'demo.moodle.org');
      

      For the most part Moodle behaves "correctly" in this scenario, generating URLs relative to the provided wwwroot. Problems occur when wwwroot values appear in the content. For instance, an editing teacher logged in at the platform's canonical URL (https://demo.moodle.org) may create a URL activity pointing to another course on the platform (e.g. https://demo.moodle.org/course/view.php?id=123). A student logged into the platform from https://academy.acmecorp.com/ may follow this link and find themselves being prompted to log in on a domain they don't recognise as their session was only valid for demo.moodle.org.

      Proposed changes

      1. Add a generic wwwroot placeholder to moodle_url and some utility methods. I've modelled this after the existing pluginfile code (e.g. file_rewrite_pluginfile_urls().
      2. In modinfolib, replace references to the wwwroot placeholder with the active wwwroot.
      3. For the URL resource, filter the wwwroot from the externalurl value on its way into the database and on its way back out.
      4. For the LTI activity and page, resource and URL activities, ensure *_get_coursemodule_info() returns an onclick parameter with the wwwroot placeholder.

      Relevant dev chat discussion

      coursemodinfo-cache-onclick-devchat.txt

      Known issues

      1. What should happen for URL resources during backup and restore? Leaving the @@WWWROOT@@ placeholders in the URLs doesn't seem like an option for backwards compatibility. It looks as though we store original_wwwroot in backup_main_structure_step->define_structure(). Do we rewrite and store URLs in this form for rewriting on restore?

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              lukecarrier Luke Carrier
              Participants:
              Component watchers:
              Matteo Scaramuccia, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
            • Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated: