-
Bug
-
Resolution: Fixed
-
Minor
-
4.1.5, 4.2.2, 4.3
This writes to the session as a side effect:
https://github.com/moodle/moodle/blob/master/lib/moodlelib.php#L10325
If read only sessions is on then the language in the Accept-Language header should be honoured for this request but not attempt to persist it into the session
This was found from a CORS preflight request which doesn't have a session, so it is making a fresh session because even though the user is logged in the preflight request never sends cookies. Then the script sets the lang, which breaks, all for an OPTIONS request that doesn't actually work:
curl -s 'https://moodle.example.com/lib/ajax/service.php?sesskey=123456789&info=core_calendar_get_action_events_by_timesort' -X OPTIONS -H "Access-Control-Request-Method: POST" -H "Access-Control-Request-Headers: content-type" -H "Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5"
{"error":"Erreur de programmation d\u00e9tect\u00e9e. Ceci doit \u00eatre corrig\u00e9 par un programmeur\u00a0: Invalid json in request: Syntax error","errorcode":"codingerror","stacktrace":null,"debuginfo":null,"reproductionlink":null}There is a few other things failing here which will be tackled in other trackers (eg proper CORS support)
To reproduce you need to have other lang packs enabled
- has been marked as being related by
-
MDL-58018 Reduce session lock contention with opt-in READ_ONLY_SESSION
- Closed