iframes in the 3.5.2

Re: iframes in the 3.5.2

by Dani Palou -
Number of replies: 3
Picture of Core developers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Hi behnaz,

the only improvement we did was to support "auto-login" in some iframes. If any of those iframe points to the current site we try to authenticate the user first before loading the final page (this fixed an H5P issue). As I understand, that solution doesn't apply to your case.

Cheers,

Dani

Average of ratings: -
In reply to Dani Palou

Re: iframes in the 3.5.2

by Gavin Dudeney -

Dani,

We're on 3.5.2 and latest app. I have some embedded H5P activities which work fine on desktop, but display "You do not have access to this content. Try logging in' in the mobile app. Am I to understand that this iss that how it should be, still - or am I missing some settings to get this working? I'm using the ATTO editor plugin which produces the following code:

<iframe src="https://SERVER_ADDRESS_MASKED/develop/moodle/mod/hvp/embed.php?id=4383" class="filter_hvp" id="hvp_4383" style="width:100%; height:auto; border:0;" frameborder="0" allowfullscreen="allowfullscreen"></iframe>

<script src="https://SERVER_ADDRESS_MASKED/develop/moodle/mod/hvp/library/js/h5p-resizer.js" charset="UTF-8"></script>


Many thanks in advance

Gavin

Average of ratings: -
In reply to Gavin Dudeney

Re: iframes in the 3.5.2

by Dani Palou -
Picture of Core developers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers

Hi Gavin,

this issue was fixed for 3.5.2 version of the app (latest), but the solution has some limitations. We use auto-login to authenticate the user in the H5P activity (see this Moodle issue for more information). The requirements to make this work are:

  1. The site needs to use Moodle 3.2 or higher.
  2. The site needs to use https, not http.
  3. The user needs to have a private token. This is created when the user token is created (the user authenticates in the app). If the user authenticated in the app when your server was using a Moodle older than 3.2 you might need to invalidate all tokens to force them to re-create the token. You can see the private tokens in the database, table external_tokens, there is a privatetoken column.
  4. A user can only auto-login once every 6 minutes. Auto-login is usually triggered when an iframe pointing to the site is viewed in the app (your case) or when the app opens a URL pointing to the site in the browser of the device. Please notice that the session in an iframe is usually kept for a while unless the user restarts the app, this means that if the user views the H5P and it works he'll be able to view it again without triggering the auto-login if he doesn't restart the app.

Cheers,

Dani

Average of ratings: -