Commit 9089a4c2 authored by Matt Clarkson's avatar Matt Clarkson Committed by Robert Lyon

Bug 1839897: Allow mobile app to access certain landing pages

By adjusting the CORS restrictions

behatnotneeded

Change-Id: I6cbdf260e3c0b290cbc0fabfea4969aaeda74db4
parent 60df0eef
...@@ -35,6 +35,7 @@ require_once($CFG->docroot . '/webservice/lib.php'); ...@@ -35,6 +35,7 @@ require_once($CFG->docroot . '/webservice/lib.php');
// Allow CORS requests. // Allow CORS requests.
header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Credentials: false');
/** /**
* A "deconstructed" webserver class to handle only the parts of the * A "deconstructed" webserver class to handle only the parts of the
......
...@@ -40,6 +40,11 @@ $response['maharaversion'] = get_config('series'); ...@@ -40,6 +40,11 @@ $response['maharaversion'] = get_config('series');
$response['wwwroot'] = get_config('wwwroot'); $response['wwwroot'] = get_config('wwwroot');
$response['sitename'] = get_config('sitename'); $response['sitename'] = get_config('sitename');
// Allow CORS requests.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Credentials: false');
if (!$CFG->webservice_provider_enabled) { if (!$CFG->webservice_provider_enabled) {
$response['wsenabled'] = false; $response['wsenabled'] = false;
echo json_encode((object)$response); echo json_encode((object)$response);
......
...@@ -59,6 +59,7 @@ if (!PluginModuleMobileapi::is_service_ready()) { ...@@ -59,6 +59,7 @@ if (!PluginModuleMobileapi::is_service_ready()) {
// Allow CORS requests. // Allow CORS requests.
header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Credentials: false');
$username = param_variable('username'); $username = param_variable('username');
$password = param_variable('password'); $password = param_variable('password');
......
...@@ -309,6 +309,9 @@ class webservice_rest_server extends webservice_base_server { ...@@ -309,6 +309,9 @@ class webservice_rest_server extends webservice_base_server {
header('Expires: '. gmdate('D, d M Y H:i:s', 0) . ' GMT'); header('Expires: '. gmdate('D, d M Y H:i:s', 0) . ' GMT');
header('Pragma: no-cache'); header('Pragma: no-cache');
header('Accept-Ranges: none'); header('Accept-Ranges: none');
// Allow CORS requests.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Credentials: false');
} }
/** /**
......
...@@ -444,6 +444,7 @@ class webservice_xmlrpc_server extends webservice_base_server { ...@@ -444,6 +444,7 @@ class webservice_xmlrpc_server extends webservice_base_server {
// Allow cross-origin requests only for Web Services. // Allow cross-origin requests only for Web Services.
// This allow to receive requests done by Web Workers or webapps in different domains. // This allow to receive requests done by Web Workers or webapps in different domains.
header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Credentials: false');
} }
/** /**
* Generate the XML-RPC fault response. * Generate the XML-RPC fault response.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment