[MDL-74288] Dynamic registration postMessage needs to include targetOrigin - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 4.0
Fix Version/s: 4.0
Component/s: LTI provider
Labels:
- ci
- hqteam_alpha
- triaged

Affected Branches:
MOODLE_400_STABLE
Fixed Branches:
MOODLE_400_STABLE
Pull from Repository:
https://github.com/snake/moodle.git
Pull Master Branch:
~~MDL-74288~~-master
Pull Master Diff URL:
https://github.com/moodle/moodle/compare/0d0f09bc7f95...snake:MDL-74288-master
Testing Instructions:
Hide

Create new site locally

Make the site available over ngrok https

Enable auth_lti and enrol_lti

Go to Admin settings > Enrolments > Publish as LTI tool > Tool registration

Generate a dynamic registration URL and copy it

Now, log in to the demo/qa site as an admin (any public Moodle site where admin access is available)

Go to Admin settings > Plugins > External tool > Manage tools

Enter the dynamic registration URL in the "Tool URL" field

Click "Add LTI Advantage"

Verify the registration process runs through and you find yourself back on the manage tools page with a new tool card.
Show
Create new site locally Make the site available over ngrok https Enable auth_lti and enrol_lti Go to Admin settings > Enrolments > Publish as LTI tool > Tool registration Generate a dynamic registration URL and copy it Now, log in to the demo/qa site as an admin (any public Moodle site where admin access is available) Go to Admin settings > Plugins > External tool > Manage tools Enter the dynamic registration URL in the "Tool URL" field Click "Add LTI Advantage" Verify the registration process runs through and you find yourself back on the manage tools page with a new tool card.

Sprint:
QA time

Description

Missed this during local testing, but it's clearly preventing the message event from being dispatched when testing using Moodle demo + ngrok public sites.

https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage

Fix is simple: just use the issuer provided in the platform's openid config as the second param to the postMessage() call.

To replicate the issue:

Create new site locally
Make the site available over ngrok https
Enable auth_lti and enrol_lti
Go to Admin settings > Enrolments > Publish as LTI tool > Tool registration
Generate a dynamic registration URL and copy it
Now, log in to the demo/qa site as an admin (any public Moodle site where admin access is available)
Go to Admin settings > Plugins > External tool > Manage tools
Enter the dynamic registration URL in the "Tool URL" field
Click "Add LTI Advantage"
Expected: the registration process runs through and you find yourself back on the manage tools page with a new tool card.
Actual: the registration process gets stuck on a blank screen and you need to cancel to get back to the tool list. The registration was created, but the process stalled because of the postMessage message failing to be dispatched. You'll also see a js console error to this effect.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

MDL-74288 testing.png
70 kB
24/Mar/22 1:39 PM

Issue Links

has a non-specific relationship to

MDL-69542 LTI: Update tool provider feature to support 1.3

Closed

Activity

People

Assignee:: Jake Dallimore

Reporter:: Jake Dallimore

Peer reviewer:: Mathew May

Integrator:: Victor Déniz Falcón

Tester:: Angelia Dela Cruz

Participants:: Angelia Dela Cruz, CiBoT, Jake Dallimore, Mathew May, Victor Déniz Falcón

Component watchers:: David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 22/Mar/22 10:35 AM

Updated:: 25/Mar/22 11:52 PM

Resolved:: 25/Mar/22 11:52 PM

Fix Release Date:: 19/Apr/22

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

55m