Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-64281

Always allow frame embedding for requests coming from the Moodle app

XMLWordPrintable

    • MOODLE_36_STABLE, MOODLE_37_STABLE
    • MOODLE_37_STABLE
    • MDL-64281-master
    • Hide
      Prerequisite
      1. Moodle mobile app.
      2. Your Moodle mobile app should be able to connect to your Moodle website. You can either do the following:
        • Ensure that the phone with the mobile app and the web server are on the same network. Or
        • Expose the web server over the internet via ngrok.
      Test
      1. As admin, go to "Administration -> Security -> HTTP security" and check that the "Allow frame embedding" setting is disabled (not ticked). Verify that the help text for the setting includes a note about "mobile app".
      2. In any course, create a new "Page resource" including this HTML code (you have to switch to the html view). Please, replace the src attribute with the correct path to your installation 

        <iframe src="http://192.168.1.156/m/stable_master/admin/tool/policy/viewall.php" width="100%"></iframe>

      3. Save and check that you see the page resource with the iframe contains (the iframe contains it is a page listing the site policies configured, it may display a empty list if no policies configured)
      4. As admin, enable "Mobile services": Site administration ► Mobile app ► Mobile settings
      5. Access with the mobile app to the site using any user account that has access to the page resource you created
      6. Check that the app displays the iframe contents (it may take a few seconds to load the page)
      Show
      Prerequisite Moodle mobile app. Your Moodle mobile app should be able to connect to your Moodle website. You can either do the following: Ensure that the phone with the mobile app and the web server are on the same network. Or Expose the web server over the internet via ngrok. Test As admin, go to "Administration -> Security -> HTTP security" and check that the "Allow frame embedding" setting is disabled (not ticked). Verify that the help text for the setting includes a note about "mobile app". In any course, create a new "Page resource" including this HTML code (you have to switch to the html view). Please, replace the src attribute with the correct path to your installation <iframe src="http://192.168.1.156/m/stable_master/admin/tool/policy/viewall.php" width="100%"></iframe> Save and check that you see the page resource with the iframe contains (the iframe contains it is a page listing the site policies configured, it may display a empty list if no policies configured) As admin, enable "Mobile services": Site administration ► Mobile app ► Mobile settings Access with the mobile app to the site using any user account that has access to the page resource you created Check that the app displays the iframe contents (it may take a few seconds to load the page)

      There are several cases where we need to embed (via iframes) the Moodle site on the app:

      • Vimeo restricted videos (so the Referer of the request to Vimeo servers come from the site)
      • When using custom embedded menu items
      • When someone using the h5p module embed an activity
        etc...

      Right now, the only way to make those frames to work on the app is having the allowframeembedding setting enabled, but this may be risky on some situations and some admins don't enable it so the mobile experience is very poor.

      To solve this, we must allow frame embedding for requests coming from the app. There is an easy way to do this, we can use the UserAgent header in the original request (as part of the UserAgent the word MoodleMobile is always present).

      This should be super safe, because the UserAgent header is not writable via Javascript (can be changed only using a Chrome extension or using your own browser)

        1. image-2019-03-21-08-34-33-115.png
          image-2019-03-21-08-34-33-115.png
          96 kB

            jleyva Juan Leyva
            jleyva Juan Leyva
            Dani Palou Dani Palou
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Janelle Barcega Janelle Barcega
            Votes:
            2 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 35 minutes
                35m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.