canvas_lti_third_party_cookies
Advanced tools
Safari blocks all 3rd-party cookies by default, which breaks LTI tools that rely on setting cookies when launched in an iframe. Other browsers will soon follow suit. Instead, Safari exposes a new API for getting user-permitted access to set cookies from an iframe, which unfortunately doesn't completely work for LTI use cases. See this article for a detailed explanation of the Storage Access API and previous attempts to launch LTI tools in Safari: https://community.canvaslms.com/t5/Developers-Group/Safari-13-1-and-LTI-Integration/ba-p/273051
The current workaround that this gem implements is to relaunch the tool in a new tab, new window, or popup window, where it can set first-party cookies to its heart's content. The relaunch occurs during the login request, so the tool is entirely in control, and no other parts of the LTI launch flow are modified.
Add this line to your application's Gemfile:
# Set 3rd party cookies in Safari
gem 'canvas_lti_third_party_cookies'
And then execute:
$ bundle install
Since this gem includes some static assets (JS, CSS, images), you will need to make sure
that your application runs the rake assets:precompile task at some point during its
build process. Most Rails applications will be running that already, either directly or
as part of the rake webpacker:compile task.
Neglecting to precompile assets will result in runtime errors when users try to launch your LTI tool.
Choose the Rails controller action that's used to handle tool authentication requests. Set the before_action callback below to run on that action, and pass the data needed.
redirect_url (required): the authorization redirect URL to continue the login flowredirect_data (required): all form data required for the authorization redirect, which
the previous login render call should have included in a form tag.window_type: (optional) Set to :new_window to open the tool in a
new tab or window, or to :popup to open in a popup window.
Defaults to :new_window.width: (optional) The width the popup window should be, in px. User
has the discretion to ignore this. Only valid with window_type: popup.
Defaults to 800px.height: (optional) The height the popup window should be, in px. User
has the discretion to ignore this. Only valid with window_type: popup.
Defaults to 600px.example:
include CanvasLtiThirdPartyCookies::RelaunchOnLogin
...
def login
state, nonce = create_and_cache_state # handled elsewhere
redirect_url = 'http://canvas.instructure.com/api/lti/authorize_redirect'
# this data is part of the OIDC Launch Flow as defined here:
# https://www.imsglobal.org/spec/security/v1p0/#step-2-authentication-request
redirect_data = {
scope: 'openid',
response_type: 'id_token',
response_mode: 'form_post',
prompt: 'none',
redirect_uri: tool_launch_url, # defined elsewhere
client_id: params.require(:client_id),
login_hint: params.require(:login_hint),
lti_message_hint: params.require(:lti_message_hint),
state: state,
nonce: nonce
}
relaunch_on_login(redirect_url, redirect_data)
end
To make changes and test them locally, it's possible to install this gem in a local LTI tool installation.
, path: './cookies' to the line for this gem../cookies path. It should look like this:volumes:
- ./path/to/lti_third_party_cookies:/usr/src/app/cookies
bundle install again.The same process is possible with non-docker-compose apps, just directly point to the gem's folder from your tool's Gemfile.
The ruby tests use minitest, which comes bundled with rails. To run them locally:
rails test
There is a Docker setup for running tests that's used for CI. To run them in Docker locally:
docker build -f test/Dockerfile.ruby -t ruby-test .
docker run --rm ruby-test rails test
The JS tests are self-contained in the test/javascripts folder. To run them locally:
cd test/javascripts
yarn install
yarn test
There is a Docker setup for running tests that's used for CI. To run them in Docker locally:
docker build -f test/Dockerfile.node -t node-test .
docker run --rm node-test yarn test
All user-facing strings in this gem are localized and translated into the languages that Canvas supports. Any time that any strings are changed, you should make sure this is run:
rake app:i18nliner:dump
Then, add config/locales/generated/en.yml to your commit.
After making changes to en.yml, you will need to push these changes to the
instructure-translations S3 bucket so that the translators can update other locales.
TODO: the script or Jenkins job to actually push to S3.
Once translators have finished updating other locales, they will notify you, and you can
pull down the new locale files into config/locales, and commit and push them.
TODO: the script or Jenkins job to pull from S3.
lib/canvas_lti_third_party_cookies/version.rb.rake installgem push pkg/canvas_lti_third_party_cookies-<version>.gemFAQs
Unknown package
We found that canvas_lti_third_party_cookies demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.