search

catalyst / moodle-local_login

Login splash page to help point users at correct login process.
Other
5 stars 4 forks source link

Bypass alternateloginurl #17

Closed SashaAnastasi closed 1 year ago

SashaAnastasi commented 1 year ago

In Tōtara 15 and onwards alternateloginurl is deprecated and disabled unless the config setting allowlogincsrf is enabled. Enabling this setting carries security implications.

Since alternateloginurl is only being used as a shortcut to the login page for this plugin and the login page's URL won't vary when this plugin is being used, a solution could be to hardcode the relative login URL in the plugin rather than using alternateloginurl.

danmarsden commented 1 year ago

duplicate of #14 which is fixed and rolling out into catalyst locals today