MDL-47545 web services: Allow cross origin requests for file downloads

hello-josh · Oct 24, 2014 · 3ca3d25 · 3ca3d25
1 parent 5e28991
commit 3ca3d25
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/lib/filelib.php b/lib/filelib.php
@@ -1953,6 +1953,13 @@ function file_mimetype_in_typegroup($mimetype, $groups) {
  */
 function send_file_not_found() {
     global $CFG, $COURSE;
+
+    // Allow cross-origin requests only for Web Services.
+    // This allow to receive requests done by Web Workers or webapps in different domains.
+    if (WS_SERVER) {
+        header('Access-Control-Allow-Origin: *');
+    }
+
     send_header_404();
     print_error('filenotfound', 'error', $CFG->wwwroot.'/course/view.php?id='.$COURSE->id); //this is not displayed on IIS??
 }
@@ -2476,6 +2483,12 @@ function send_stored_file($stored_file, $lifetime=null, $filter=0, $forcedownloa
         }
     }
 
+    // Allow cross-origin requests only for Web Services.
+    // This allow to receive requests done by Web Workers or webapps in different domains.
+    if (WS_SERVER) {
+        header('Access-Control-Allow-Origin: *');
+    }
+
     if (empty($filter)) {
         // send the contents
         readfile_accel($stored_file, $mimetype, !$dontdie);

diff --git a/webservice/rest/locallib.php b/webservice/rest/locallib.php
@@ -184,6 +184,8 @@ protected function send_headers() {
         header('Expires: '. gmdate('D, d M Y H:i:s', 0) .' GMT');
         header('Pragma: no-cache');
         header('Accept-Ranges: none');
+        // Allow cross-origin requests only for Web Services.
+        // This allow to receive requests done by Web Workers or webapps in different domains.
         header('Access-Control-Allow-Origin: *');
     }