Skip to content

Commit

Permalink
MDL-64281 core: Always allow frame embedding in the app
Browse files Browse the repository at this point in the history 
The Moodle app must be allowed to embed content always.
  • Loading branch information
@jleyva
jleyva committed Feb 8, 2019
1 parent a62e275 commit b5d889b
Show file tree
Hide file tree
Showing 4 changed files with 170 additions and 3 deletions.
2 changes: 1 addition & 1 deletion lang/en/admin.php
View file
Expand Up @@ -61,7 +61,7 @@
$string['allowindexingnowhere'] = 'Nowhere';
$string['allowusermailcharset'] = 'Allow user to select character set';
$string['allowframembedding'] = 'Allow frame embedding';
$string['allowframembedding_help'] = 'If enabled, this site may be embedded in a frame in a remote system, as recommended when using the \'Publish as LTI tool\' enrolment plugin. Otherwise, it is recommended to leave frame embedding disabled for security reasons.';
$string['allowframembedding_help'] = 'If enabled, this site may be embedded in a frame in a remote system, as recommended when using the \'Publish as LTI tool\' enrolment plugin. Otherwise, it is recommended to leave frame embedding disabled for security reasons.<br />Please, note also that for the mobile app this setting is ignored and frame embedding is always allowed.';
$string['allowguestmymoodle'] = 'Allow guest access to Dashboard';
$string['allowobjectembed'] = 'Allow EMBED and OBJECT tags';
$string['allowthemechangeonurl'] = 'Allow theme changes in the URL';
Expand Down
17 changes: 17 additions & 0 deletions lib/classes/useragent.php
View file
Expand Up @@ -1068,6 +1068,23 @@ public static function is_ios($version = null) {
return false;
}

/**
* Returns true if the client appears to be the Moodle app (or an app based on the Moodle app code).
*
* @return bool true if the client is the Moodle app
* @since Moodle 3.7
*/
public static function is_moodle_app() {
$useragent = self::get_user_agent_string();

// Make it case insensitive, things can change in the app or desktop app depending on the platform frameworks.
if (stripos($useragent, 'MoodleMobile') !== false) {
return true;
}

return false;
}

/**
* Checks if current browser supports files with give extension as <video> or <audio> source
*
Expand Down
151 changes: 150 additions & 1 deletion lib/tests/useragent_test.php
View file
Expand Up @@ -1386,6 +1386,141 @@ public function user_agents_providers() {
),
),
),

// Macos Desktop app.
array(
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) moodlemobile/3.6.0 Chrome/69.0.3497.106 Electron/4.0.1 Safari/537.36 MoodleMobile',
array(
'is_moodle_app' => true,
'is_webkit' => true,
'is_chrome' => true,
'check_chrome_version' => array(
'7' => true,
'8' => true,
'10' => true,
'39' => true,
),
'versionclasses' => array(
'chrome',
),
),
),

// Linux Desktop app.
array(
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) moodledesktop/3.6.0 Chrome/69.0.3497.106 Electron/4.0.1 Safari/537.36 MoodleMobile',
array(
'is_moodle_app' => true,
'is_webkit' => true,
'is_chrome' => true,
'check_chrome_version' => array(
'7' => true,
'8' => true,
'10' => true,
'39' => true,
),
'versionclasses' => array(
'chrome',
),
),
),

// Windows Desktop app.
array(
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) moodledesktop/3.6.0 Chrome/69.0.3497.106 Electron/4.0.1 Safari/537.36 MoodleMobile',
array(
'is_moodle_app' => true,
'is_webkit' => true,
'is_chrome' => true,
'check_chrome_version' => array(
'7' => true,
'8' => true,
'10' => true,
'39' => true,
),
'versionclasses' => array(
'chrome',
),
),
),

// Android app.
array(
'Mozilla/5.0 (Linux; Android 7.1.1; Moto G Play Build/NPIS26.48-43-2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.99 Mobile Safari/537.36 MoodleMobile',
array(
'is_moodle_app' => true,
'is_webkit' => true,
'is_webkit_android' => true,
'is_chrome' => true,
'check_chrome_version' => array(
'7' => true,
'8' => true,
'10' => true,
'39' => true,
),
'devicetype' => 'mobile',
'check_webkit_android_version' => array(
'525' => true,
'527' => true,
),
'versionclasses' => array(
'android',
'chrome'
),
),
),

// Android app, user agent lower case.
array(
'Mozilla/5.0 (Linux; Android 7.1.1; Moto G Play Build/NPIS26.48-43-2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.99 Mobile Safari/537.36 moodlemobile',
array(
'is_moodle_app' => true,
'is_webkit' => true,
'is_webkit_android' => true,
'is_chrome' => true,
'check_chrome_version' => array(
'7' => true,
'8' => true,
'10' => true,
'39' => true,
),
'devicetype' => 'mobile',
'check_webkit_android_version' => array(
'525' => true,
'527' => true,
),
'versionclasses' => array(
'android',
'chrome'
),
),
),

// iOS (iPhone) app.
array(
'Mozilla/5.0 (iPhone; CPU OS 13_3_3 like Mac OS X) AppleWebKit/603.3.8 (KHTML, like Gecko) Mobile/14G60 MoodleMobile',
array(
'is_moodle_app' => true,
'is_ios' => true,
'is_webkit' => true,
'devicetype' => 'mobile',
'versionclasses' => array(
),
),
),

// iOS (iPad) app.
array(
'Mozilla/5.0 (iPad; CPU OS 12_1_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/16D39 MoodleMobile',
array(
'is_moodle_app' => true,
'is_ios' => true,
'is_webkit' => true,
'devicetype' => 'tablet',
'versionclasses' => array(
),
),
),
);
}

Expand Down Expand Up @@ -1710,7 +1845,10 @@ public function test_useragent_ios($useragent, $tests) {
if (isset($tests['is_ios']) && $tests['is_ios']) {
$this->assertTrue(core_useragent::is_ios(),
"Browser was not identified as an iOS device browser");
$this->assertTrue(core_useragent::check_safari_ios_version());
// The iOS app is not Safari based.
if (!isset($tests['is_moodle_app']) || !$tests['is_moodle_app']) {
$this->assertTrue(core_useragent::check_safari_ios_version());
}
} else {
$this->assertFalse(core_useragent::is_ios(),
"Browser was incorrectly identified as an iOS device browser");
Expand Down Expand Up @@ -1880,4 +2018,15 @@ public function test_useragent_web_crawler($useragent, $tests) {
$expectation = isset($tests['is_web_crawler']) ? $tests['is_web_crawler'] : false;
$this->assertSame($expectation, core_useragent::is_web_crawler());
}

/**
* @dataProvider user_agents_providers
*/
public function test_useragent_moodle_app($useragent, $tests) {
// Setup the core_useragent instance.
core_useragent::instance(true, $useragent);

$expectation = isset($tests['is_moodle_app']) ? $tests['is_moodle_app'] : false;
$this->assertSame($expectation, core_useragent::is_moodle_app());
}
}
3 changes: 2 additions & 1 deletion lib/weblib.php
View file
Expand Up @@ -2281,7 +2281,8 @@ function send_headers($contenttype, $cacheable = true) {
}
@header('Accept-Ranges: none');

if (empty($CFG->allowframembedding)) {
// The Moodle app must be allowed to embed content always.
if (empty($CFG->allowframembedding) && !core_useragent::is_moodle_app()) {
@header('X-Frame-Options: sameorigin');
}
}
Expand Down

0 comments on commit b5d889b

Please sign in to comment.