Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-42105

Configuration for browser feature policy in iframes

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.7, 19.2, 20.0
    • Fix Version/s: 12.7, 19.2, 20.0
    • Component/s: Global
    • Labels:
      None
    • 19 status:
      Resolved
    • 12 status:
      Resolved
    • Property addition/change required:
      Yes
    • Test Plan:
      Hide

      There are 2 tests that should be done:

      1. Lessons Test
        1. Create an assignment with the Assignments tool
        2. Using the Lessons tool Embed/Link to the Assignment created above
        3. Next in Lessons click on the embedded/linked assignment
        4. Using Chrome inspector look for the iframe lessons used to embed the assignments tool
        5. Verify the iframe has the following "allow" attribute:
          1. allow="autoplay *;fullscreen *;encrypted-media *;camera 'self';microphone 'self'" 
          2. example iframe
            <iframe allow="autoplay *;fullscreen *;encrypted-media *;camera 'self';microphone 'self'" role="main" data-namespace="Mrphs-container Mrphs-sakai-lessonbuildertool Mrphs-sakai-assignment-grades" allowfullscreen="true" mozallowfullscreen="true" src="http://localhost:8080/portal/tool/51873d7a-47f7-4d33-be24-6ab99e5d1fdb?assignmentReference=/assignment/a/AMHX_415P_7802/ec7e1dc8-7690-4764-af8b-097801a7d79b&panel=Main&sakai_action=doView_submission" webkitallowfullscreen="true" onload="resizeiframe1()" marginwidth="0" scrolling="auto" name="iframe1" width="100%" frameborder="0" id="iframe1" marginheight="0" height="2001" style="height: 1717px;">
            </iframe>
      2. LTI Test
        1. Create an LTI tool i.e. https://www.tsugi.org/lti-test/
        2. Add it to the site tools via Site Info -> Manage Tools
        3. Next click on the tool from the tool menu
          1. Verify that the LTI tool loads
          2. If using Tsugi test from above it will say Launch Validated
        4. inspect the tool and look for the following iframe "id=wciframe"
          1. Verify the iframe has the "allow" attribute:
            allow="autoplay *;fullscreen *;encrypted-media *;camera 'self';microphone 'self'" 
          2. Sample iframe:
            <iframe width="100%" id="wciframe" style="width:100%;padding:0 !important; height:1200px" frameborder="0" marginwidth="0" marginheight="0" scrolling="auto" allowfullscreen="true" allow="autoplay *;fullscreen *;encrypted-media *;camera 'self';microphone 'self'" src="/access/basiclti/site/AMHX_415P_7802/content:1">
            </iframe>
      3. Sakai Tools configured for non inline
        1. Configure a tool via the sakai property portal.iframesuppress
          1. Default:
            :all:sakai.gradebook.gwt.rpc:com.rsmart.certification:sakai.delegatedaccess:sakai.rsf.evaluation:kaltura.media:kaltura.my.media
          2. If you have one of these tools configured you can click on the tool
          3. Inspect the page and verify the iframe contains the "allow" attribute:
            allow="autoplay *;fullscreen *;encrypted-media *;camera 'self';microphone 'self'" 
      Show
      There are 2 tests that should be done: Lessons Test Create an assignment with the Assignments tool Using the Lessons tool Embed/Link to the Assignment created above Next in Lessons click on the embedded/linked assignment Using Chrome inspector look for the iframe lessons used to embed the assignments tool Verify the iframe has the following "allow" attribute: allow="autoplay *;fullscreen *;encrypted-media *;camera 'self';microphone 'self'"  example iframe <iframe allow="autoplay *;fullscreen *;encrypted-media *;camera 'self';microphone 'self'" role="main" data-namespace="Mrphs-container Mrphs-sakai-lessonbuildertool Mrphs-sakai-assignment-grades" allowfullscreen="true" mozallowfullscreen="true" src="http://localhost:8080/portal/tool/51873d7a-47f7-4d33-be24-6ab99e5d1fdb?assignmentReference=/assignment/a/AMHX_415P_7802/ec7e1dc8-7690-4764-af8b-097801a7d79b&panel=Main&sakai_action=doView_submission" webkitallowfullscreen="true" onload="resizeiframe1()" marginwidth="0" scrolling="auto" name="iframe1" width="100%" frameborder="0" id="iframe1" marginheight="0" height="2001" style="height: 1717px;"> </iframe> LTI Test Create an LTI tool i.e.  https://www.tsugi.org/lti-test/ Add it to the site tools via Site Info -> Manage Tools Next click on the tool from the tool menu Verify that the LTI tool loads If using Tsugi test from above it will say Launch Validated inspect the tool and look for the following iframe "id=wciframe" Verify the iframe has the "allow" attribute: allow="autoplay *;fullscreen *;encrypted-media *;camera 'self';microphone 'self'"  Sample iframe: <iframe width="100%" id="wciframe" style="width:100%;padding:0 !important; height:1200px" frameborder="0" marginwidth="0" marginheight="0" scrolling="auto" allowfullscreen="true" allow="autoplay *;fullscreen *;encrypted-media *;camera 'self';microphone 'self'" src="/access/basiclti/site/AMHX_415P_7802/content:1"> </iframe> Sakai Tools configured for non inline Configure a tool via the sakai property portal.iframesuppress Default: :all:sakai.gradebook.gwt.rpc:com.rsmart.certification:sakai.delegatedaccess:sakai.rsf.evaluation:kaltura.media:kaltura.my.media If you have one of these tools configured you can click on the tool Inspect the page and verify the iframe contains the "allow" attribute: allow="autoplay *;fullscreen *;encrypted-media *;camera 'self';microphone 'self'" 

      Description

      Add configuration to set the feature policy for iframe's.

      This will allow to change the browser feature policy in common locations for iframes.

      See https://developers.google.com/web/updates/2018/06/feature-policy

      List of features at https://feature-policy-demos.appspot.com/

       New property added to allow easy control over the "allow" attribute in iframes

      browser.feature.allow.count=5
browser.feature.allow.1=autoplay *
browser.feature.allow.2=fullscreen *
browser.feature.allow.3=encrypted-media *
browser.feature.allow.4=camera 'self'
browser.feature.allow.5=microphone 'self'

       

      This configuration is needed to help allow those elements in sakai which leverage iframes to deliver content (media) for example LTI.

        Gliffy Diagrams

          Zeplin

            Attachments

              Issue Links

              depends on

              Feature Request - Functionality that you would like to see in Sakai. SAK-39946 Allow LTI tools to use camera and microphone

              • Major - Major loss of function or need for functionality in production in the near future.
              • Verified
              incorporates

              Feature Request - Functionality that you would like to see in Sakai. SAK-33873 Add support for new "allow" iframe attribute

              • Major - Major loss of function or need for functionality in production in the near future.
              • CLOSED

                Activity

                  People

                  • Assignee:
                    ern Earle R Nietzel
                    Reporter:
                    ern Earle R Nietzel
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    3 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved:

                      Git Integration