From 51d2434cfede4d1623c00f3f3a4534988ac053ec Mon Sep 17 00:00:00 2001
From: Juan Leyva <juanleyvadelgado@gmail.com>
Date: Wed, 27 Jan 2016 10:26:04 +0100
Subject: [PATCH] MDL-52902 webservice: Send CORS header before params
 validation

---
 login/token.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/login/token.php b/login/token.php
index b491a6bad25..1a9b48b465d 100644
--- a/login/token.php
+++ b/login/token.php
@@ -27,12 +27,13 @@ define('NO_MOODLE_COOKIES', true);
 
 require_once(dirname(dirname(__FILE__)) . '/config.php');
 
+// Allow CORS requests.
+header('Access-Control-Allow-Origin: *');
+
 $username = required_param('username', PARAM_USERNAME);
 $password = required_param('password', PARAM_RAW);
 $serviceshortname  = required_param('service',  PARAM_ALPHANUMEXT);
 
-// Allow CORS requests.
-header('Access-Control-Allow-Origin: *');
 echo $OUTPUT->header();
 
 if (!$CFG->enablewebservices) {