LTI XBlock and SameSite

Zachary_Trabookis · March 31, 2020, 7:51pm

@DanielMcQ I ran into this issue and posted here.
https://openedx.slack.com/archives/C0GR05YC9/p1585674197001400

This SameSite cookie is effecting LTI Consumer content from rendering in an external LMSs (e.g. Canvas, Blackboard) from pulling in LTI content from our Open edX instance (LTI Provider). It throws an HTTP 403 response because the anonymous user is not authenticated because the csrftoken is not being sent in the HTTP request to https://github.com/edx/edx-platform/blob/open-release/hawthorn.master/lms/urls.py#L244-L252

Topic		Replies	Views
Can't login to admin panel with Chrome (but it works with Firefox) Site Operations Help juniper	1	1163	August 31, 2020
JUNIPER.MASTER - Fresh Install: Forbidden (CSRF cookie not set.): /change_enrollment Site Operations Help	11	3660	September 3, 2020
"activate_block_id" cookie samesite Site Operations Help	1	543	April 17, 2020
Cannot access LTI Deep Link response in openedx Development api , how-to , devstack , tutor , lti	0	96	June 20, 2024
Please some help loging-in! Site Operations Help	11	2852	December 26, 2020

LTI XBlock and SameSite

Related topics