Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-74288

Dynamic registration postMessage needs to include targetOrigin

XMLWordPrintable

    • MOODLE_400_STABLE
    • MOODLE_400_STABLE
    • MDL-74288-master
    • Hide
      1. Create new site locally
      2. Make the site available over ngrok https
      3. Enable auth_lti and enrol_lti
      4. Go to Admin settings > Enrolments > Publish as LTI tool > Tool registration
      5. Generate a dynamic registration URL and copy it
      6. Now, log in to the demo/qa site as an admin (any public Moodle site where admin access is available)
      7. Go to Admin settings > Plugins > External tool > Manage tools
      8. Enter the dynamic registration URL in the "Tool URL" field
      9. Click "Add LTI Advantage"
      10. Verify the registration process runs through and you find yourself back on the manage tools page with a new tool card.
      Show
      Create new site locally Make the site available over ngrok https Enable auth_lti and enrol_lti Go to Admin settings > Enrolments > Publish as LTI tool > Tool registration Generate a dynamic registration URL and copy it Now, log in to the demo/qa site as an admin (any public Moodle site where admin access is available) Go to Admin settings > Plugins > External tool > Manage tools Enter the dynamic registration URL in the "Tool URL" field Click "Add LTI Advantage" Verify the registration process runs through and you find yourself back on the manage tools page with a new tool card.
    • QA time

      Missed this during local testing, but it's clearly preventing the message event from being dispatched when testing using Moodle demo + ngrok public sites.

      https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage

      Fix is simple: just use the issuer provided in the platform's openid config as the second param to the postMessage() call.

      To replicate the issue:

      1. Create new site locally
      2. Make the site available over ngrok https
      3. Enable auth_lti and enrol_lti
      4. Go to Admin settings > Enrolments > Publish as LTI tool > Tool registration
      5. Generate a dynamic registration URL and copy it
      6. Now, log in to the demo/qa site as an admin (any public Moodle site where admin access is available)
      7. Go to Admin settings > Plugins > External tool > Manage tools
      8. Enter the dynamic registration URL in the "Tool URL" field
      9. Click "Add LTI Advantage"
        Expected: the registration process runs through and you find yourself back on the manage tools page with a new tool card.
        Actual: the registration process gets stuck on a blank screen and you need to cancel to get back to the tool list. The registration was created, but the process stalled because of the postMessage message failing to be dispatched. You'll also see a js console error to this effect.

            jaked Jake Dallimore
            jaked Jake Dallimore
            Mathew May Mathew May
            Victor Déniz Falcón Victor Déniz Falcón
            Angelia Dela Cruz Angelia Dela Cruz
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 55 minutes
                55m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.