Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-42998

Chrome80 SameSite: LTI 1.1 tool

    XMLWordPrintable

    Details

    • Test Plan:
      Hide
      1. In Chrome with the browser console open:
      2. Add an LTI tool either through
        • Lessons - > Add Content - > External Tool
        • Site Info - > Manage Tools
      3. Enter the following information
      4. Check the following boxes:
        • Debug Launch
        • Send Names to the External Tool
        • Send Email Addresses to the External Tool
      5. Click Update Options
      6. Launch the tool and watch the browser console
      Show
      In Chrome with the browser console open: Add an LTI tool either through Lessons - > Add Content - > External Tool Site Info - > Manage Tools Enter the following information Remote Tool Url:  https://www.tsugi.org/lti-test/tool.php Remote Tool Key: 12345 Remote Tool Secret: secret Check the following boxes: Debug Launch Send Names to the External Tool Send Email Addresses to the External Tool Click Update Options Launch the tool and watch the browser console

      Description

      Enable both in Chrome:

      chrome://flags/#same-site-by-default-cookies
      chrome://flags/#cookies-without-same-site-must-be-secure

      After adding an LTI tool, the following warning displays, tool seems to be working though:

      ShowItem?returnView=&studentItemId=0&backPath=&bltiAppStores=false&errorMessage=&clearAttr=&messageId=&source=&title=&sendingPage=4&newTopLevel=false&postedComment=false&addBefore=&path=&itemId=21&topicId=&addTool=-1&recheck=&id=&forumId=:1 A cookie associated with a cross-site resource at http://www.tsugi.org/ was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

        Gliffy Diagrams

          Zeplin

            Attachments

              Issue Links

                Activity

                  People

                  • Assignee:
                    csev Charles Severance
                    Reporter:
                    agschmidt Andrea Schmidt
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    5 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved:

                      Git Integration