Unfortunately the babel minify-mangle plugin seems to be abandoned and
in certain circumstances can be very buggy. The only safe options are to
disable it, or to switch to a different minification library.
Not minifying our javascript is not ideal, so this commit updates the
javascript tasks to use a rollup, combined with babel, and terser.
Babel still converts code from ES/UMD/AMD to AMD modules with the
relevant browser support, whilst terser minifies the code.
The rollup bundler handles tracking and creation of sourcemaps, and
supports better parallelisation of the tasks.
Since the upgrade to Node LTS/Gallium requires an upgrade to @babel/core
and eslint, which change the built files anyway, this seems like the
ideal time to make this change.
This allows for better caching capabilities on servers. If a
cache key is passed and the web service call does not require
the user to be logged in we will attempt to use GET for the
request. This allows for things like proxy caching on URLs.
The cache key must be changed if we do not want to retrieve
what has been cached and want to perform the request again.
jQuery ajax requests containing multiple '?' get replaced with a
string similar to jQuery152330039032_1231231, this is because it
is processing a stringified data object as jsonp and thinks its a url.
workaround is to add contenttype
see https://github.com/jquery/jquery/issues/1799
Now the db/service.php array can contain these extra keys to provide information
on how a webservice may be called:
'ajax' => true (Default is false)
Replaces the xx_is_allowed_from_ajax callback.
'loginrequired' => false (Default is true)
Means that this webservice can be called through lib/ajax/service-nosession.php
which sets NO_MOODLE_COOKIES to true (faster). This is only safe for webservices returning
static public data (e.g. get_string).
This needs to be done before we can expose any webservices that
change state, or return private info to ajax (to prevent CSRF).
Currently there are no webservices exposed to ajax that meet these
criteria - so this issue is to prevent future security issues.
This is a new script that can call any function in the built-in AJAX webservice. This is
a new system service that is added at install time (like the mobile webservice). It has no
protocols added to it, but it accessible by a new ajax script /lib/ajax/service.php.
Requests and responses to the script are required to be in json format, and multiple functions can
be called in a single request.
