Hello, we are trying to get LTI in Canvas with Juniper working using the native install. We are running LMS/Studio via Nginx on port 443 (HTTPS).
The cookies are reporting SameSite=None and Secure as I found in a bunch of other documentation.
In Chrome on Canvas, we see the embedded sequential block show up; however, when we click any of the navigation in the block we get the popup stating:
You have been logged out of your edX account. Click Okay to log in again now. Click Cancel to stay on this page (you must log in again to save your work).
In the logs this is what I am seeing:
2020-09-01 04:05:33,561 INFO 22376 [audit] [user 29] models.py:2450 - Login success - user.id: 29
[2020-09-01 04:05:47 +0000] [22376] [INFO] POST /event
[2020-09-01 04:05:47 +0000] [22379] [INFO] POST /courses/course-v1:NLA+IL1010+20_21/xblock/block-v1:NLA+IL1010+20_21+type@sequential+block@aabc642aab3f44ffb7d96af6e3512e81/handler/xmodule_handler/get_completion
[2020-09-01 04:05:47 +0000] [22378] [INFO] POST /courses/course-v1:NLA+IL1010+20_21/xblock/block-v1:NLA+IL1010+20_21+type@sequential+block@aabc642aab3f44ffb7d96af6e3512e81/handler/xmodule_handler/goto_position
2020-09-01 04:05:48,130 WARNING 22376 [django.security.csrf] [user None] log.py:228 - Forbidden (CSRF cookie not set.): /event
So I started trying to track down all of the different CSRF and CORS settings I could, and this is what I have:
"CORS_ORIGIN_ALLOW_ALL": true,
"CORS_ORIGIN_WHITELIST": ['*'],
"ENABLE_CORS_HEADERS": true,
"CROSS_DOMAIN_CSRF_COOKIE_DOMAIN": ".online.example.org",
"CROSS_DOMAIN_CSRF_COOKIE_NAME": ".online.example.org",
"CSRF_COOKIE_SECURE": true,
"CSRF_TRUSTED_ORIGINS": ['*'],
"ENABLE_CROSS_DOMAIN_CSRF_COOKIE": true,
I believe I took this from my server-vars.yml which feeds into /edx/etc/{lms,studio}.yml and /edx/app/edxapp/{lms,cms}.env.json.
We would rather it be embedded instead of having to open in a new window. So any help would be greatly appreciated!
Thank you!
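
When the LMS is framed by Canvas, its cookies are third-party cookies in that context, so the SameSite and Secure attributes mentioned in the post decide whether the browser sends them at all. The following is an added example, not part of the original post and not Open edX code, that checks Set-Cookie header values for those attributes; the header values and the `lang_pref` cookie name are constructed samples, and `sessionid` and `csrftoken` are assumed to be the Django default names.

```python
# Added example: audit Set-Cookie headers for delivery inside a cross-site iframe.
# SAMPLE_HEADERS are constructed values, not captured from the poster's server.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attributes dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def cross_site_problems(header):
    """Return (cookie name, reasons a browser would withhold it in a third-party iframe)."""
    name, attrs = parse_set_cookie(header)
    problems = []
    samesite = attrs.get("samesite")
    if samesite is None:
        problems.append("no SameSite attribute (Chrome treats it as Lax)")
    elif samesite.lower() != "none":
        problems.append("SameSite=%s is not sent in cross-site iframes" % samesite)
    if "secure" not in attrs:
        problems.append("missing Secure (required with SameSite=None)")
    return name, problems


def audit(headers):
    """Map cookie name -> list of problems for every Set-Cookie header given."""
    return dict(cross_site_problems(h) for h in headers)


SAMPLE_HEADERS = [  # constructed
    "sessionid=abc123; Domain=.online.example.org; Path=/; HttpOnly; Secure; SameSite=None",
    "csrftoken=def456; Path=/; Secure",
    "lang_pref=en; Path=/; SameSite=Lax",
]

if __name__ == "__main__":
    for cookie, problems in audit(SAMPLE_HEADERS).items():
        print(cookie, "->", problems or "OK for cross-site iframe")
```

Feed it the Set-Cookie values seen on the login response and on the framed page; every cookie the framed LMS needs should come back with an empty problem list.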