I am working on an application within a Moodle 2.0 instance which uses YUI 3's DataSource.IO module to consume a Moodle 2.0 REST service.
The request fails with the error 'Unexpected keys detected in parameter array.'
This is due to the YUI request sending the following cookies:
MOODLEID_
MoodleSession
which then later become part of the $_REQUEST super global in the web service handler, and the request is rejected due to unexpected keys.
If I hack the web service code by adding the following to the parse_request function, then the request is processed successfully:
unset($_REQUEST['MOODLEID_']);
unset($_REQUEST['MoodleSession']);
$this->parameters = $_REQUEST;
Is this functionality intended for security reasons? Or could the web service be configured to ignore any cookies that are sent?
Alternatively does anyone know if it is possible to prevent YUI from sending the cookies when performing the XMLHttpRequest, or are they added automatically by the browser?
Hope someone can point me in the right direction!
Thanks in advance
Alastair
Moodle 2.0 REST service called by YUI 3 DataSource.IO
Number of replies: 2Re: Moodle 2.0 REST service called by YUI 3 DataSource.IO
Hi Alastair,
I just had a look to the REST code, your hack seems fair.
As you pointed out, the REST server checkes all GET/POST parameters and returns an exception if something is not matching the web service function description (external.php files). It is intended for security reason.
For your second question, the web service could ignore any cookies, but it seems to me it's a specific case.
Except if I miss something with REST and these "YUI cookies", I think you are in the right direction at looking to not sending extra parameters from YUI.
I just had a look to the REST code, your hack seems fair.
As you pointed out, the REST server checkes all GET/POST parameters and returns an exception if something is not matching the web service function description (external.php files). It is intended for security reason.
For your second question, the web service could ignore any cookies, but it seems to me it's a specific case.
Except if I miss something with REST and these "YUI cookies", I think you are in the right direction at looking to not sending extra parameters from YUI.
Re: Moodle 2.0 REST service called by YUI 3 DataSource.IO
Thanks for your quick reply, I'll have a look into getting YUI to strip the cookies from the request
Cheers
Cheers