diff --git a/Modules/LTIConsumer/classes/class.ilLTIConsumeProviderFormGUI.php b/Modules/LTIConsumer/classes/class.ilLTIConsumeProviderFormGUI.php index 786f6f7601c2..5d162887245b 100755 --- a/Modules/LTIConsumer/classes/class.ilLTIConsumeProviderFormGUI.php +++ b/Modules/LTIConsumer/classes/class.ilLTIConsumeProviderFormGUI.php @@ -1,7 +1,5 @@ setVariable('LTI_TOOL_REG_URL', $toolRegUrl); $template->setVariable('LTI_DYN_REG_URL', $regUrl); + $template->setVariable('LTI_DYN_REG_URL_BY_POST', $toolRegUrl); $template->setVariable('LTI_REG_END_URL', ilObjLTIConsumer::getRegistrationEndUrl()); $template->setVariable('LTI_SHOW_TOOL_CONFIG_URL', $showToolConfigUrl); $template->setVariable('LTI_REG_ERROR_URL', $regErrorUrl); diff --git a/Modules/LTIConsumer/ltiregstart.php b/Modules/LTIConsumer/ltiregstart.php index d523fe7707e3..1e0c26268b5f 100644 --- a/Modules/LTIConsumer/ltiregstart.php +++ b/Modules/LTIConsumer/ltiregstart.php @@ -1,7 +1,5 @@ has('url')) { $url = $params->retrieve('url', $DIC->refinery()->kindlyTo()->string()); + + if (empty($_POST["url"]) || $_POST["url"] != $url) { + ilObjLTIConsumer::sendResponseError(400, "url parameter in request does not match url parameter in post"); + } } else { ilObjLTIConsumer::sendResponseError(400, "missing required url parameter in request"); } diff --git a/Modules/LTIConsumer/templates/default/tpl.lti_dyn_reg_request.html b/Modules/LTIConsumer/templates/default/tpl.lti_dyn_reg_request.html index a867c45a1cc6..6f4555bed9fd 100644 --- a/Modules/LTIConsumer/templates/default/tpl.lti_dyn_reg_request.html +++ b/Modules/LTIConsumer/templates/default/tpl.lti_dyn_reg_request.html @@ -1,4 +1,8 @@ - + +
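Review bot: The added `LTI_DYN_REG_URL_BY_POST` placeholder receives `$toolRegUrl` as-is, and nothing visible in this hunk encodes it for the place where the template prints it. The template hunk is not readable on this page, so this part is inferred: if the placeholder fills a form field's value attribute, the call needs attribute-context escaping, e.g. `$template->setVariable('LTI_DYN_REG_URL_BY_POST', htmlspecialchars($toolRegUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`, unless `$toolRegUrl` is already validated and encoded earlier in the method. The enclosing method starts and ends outside the hunk, so the origin of `$toolRegUrl` should be confirmed there.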
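Review bot: The new check in ltiregstart.php compares `$_POST["url"]` with `$url` using loose `!=` and reads the superglobal directly, while the query value on the line above goes through the refinery string transformation. Loose comparison treats two different numeric-looking strings as equal, so the guard should be strict: `if (empty($_POST["url"]) || $_POST["url"] !== $url) {`, which also rejects an array-valued `url` field without relying on type juggling. Both values arrive in the same request, so a match shows only that the sender repeated the URL in the body, not that the request came from the registration form. If binding to the form is the intent, a session-bound token or a server-side record of the URL the form was rendered with would be needed. The check also depends on `sendResponseError` ending the request, which the existing else branch suggests but this hunk does not show.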
\ No newline at end of file