Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-50107

Allow Cross-Site requests on token.php

XMLWordPrintable

    • MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
    • MOODLE_28_STABLE, MOODLE_29_STABLE
    • MDL-50107-master
    • Hide
      1. In your Moodle site enable "Mobile services": Plugins ► Web Services ► Mobile
      2. Please, use the attached cors.html file for testing.
      3. You should open that file in a browser (chrome, safari or firefox) using the "File -> Open file" an ensure that the file is opened under the file:// protocol
      4. Enter your site details and your username/password and click Test!
      5. Under the Response.. text you should see a json encoded string contained a generated wstoken
      Show
      In your Moodle site enable "Mobile services": Plugins ► Web Services ► Mobile Please, use the attached cors.html file for testing. You should open that file in a browser (chrome, safari or firefox) using the "File -> Open file" an ensure that the file is opened under the file:// protocol Enter your site details and your username/password and click Test! Under the Response.. text you should see a json encoded string contained a generated wstoken

      All the WS calls declare the header 'Access-Control-Allow-Origin: *'; however token.php does not. But that last one is used to initiate the authenticate process with Moodle (HEAD request) which is blocked by the browsers.

      To replicate, add a site with a browser that did not disable CORS.

        1. cors.html
          1 kB

            jleyva Juan Leyva
            fred Frédéric Massart
            Frédéric Massart Frédéric Massart
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Rajesh Taneja Rajesh Taneja
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.