Community Help

tami_salz · ‎02-05-2020

Regarding the upcoming samesite cookies Chrome changes discussed in the developer's group -SameSite Cookies and Canvas How are you all testing your external vendor LTIs and what have you found so far? We have been testing and reaching out to vendors individually - something that doesn't seem very efficient!

So far we have found the following updates:

BlueJeans - updated recently to accommodate the Chrome 80 cookie behaviour change

ProcktorTrak - updated recently to accommodate the Chrome 80 cookie behaviour change

Kaltura - updated recently to accommodate the Chrome 80 cookie behaviour change

Box - committed to updating but hasn't yet

Piazza - updated recently to accommodate the Chrome 80 cookie behaviour change

RobDitto · ‎02-05-2020

@tami_salz what a great idea to share what we're hearing from suppliers! Here's what I have so far:

BlueJeans - supplier confirms updated successfully
FeedbackFruits - supplier confirms updated successfully
ForClass - remediation appears complete, awaiting final confirmation
Instructure (for New Quizzes in Canvas) - appears compliant in a recent release; awaiting Customer Success confirmation
ProctorU - supplier confirms updated successfully
Study.Net - supplier confirms updated successfully

lclontz · ‎02-06-2020

One other note for those who might have missed it:

February, 2020: Enforcement rollout for Chrome 80 Stable: The SameSite-by-default and SameSite=None-requires-Secure behaviors will begin rolling out to Chrome 80 Stable for an initial limited population starting the week of February 17, 2020, excluding the US President’s Day holiday on Monday. We will be closely monitoring and evaluating ecosystem impact from this initial limited phase through gradually increasing rollouts.

Chrome 80: There is a 50% chance that the new SameSite rules are active in your browser, ONLY if you are using Chrome 80 Canary, Dev, or Beta. Upon the release of Chrome 80 Stable, the new SameSite behavior will be rolled out to Chrome 80 Stable users as specified in the timeline above. Chrome 80 users on other channels (Canary, Dev, Beta) will also receive the new SameSite behavior at that time.

SameSite Updates - The Chromium Projects

So hopefully it won't be immediately impactful unless you're running beta, dev or canary.

lclontz · ‎02-05-2020

Echo 360 seems to have been updated recently to work, which is comforting.

Still not fully working for us:

Box
Office 365
Roll Call
EvaluationKIT
Barnes and Noble Course Materials Purchase/Research & Adopt

JACOBSEN_C · ‎02-05-2020

We're contacting each Vendor/3rd party. Many seem to say it'll be sewn-up this weekend...

Ally

EvaluationKit

Respondus (LockDown Browser Integration)

Studio (which is odd... it being from Instructure...)

Threadz (self hosted)

...

cronek · ‎02-05-2020

We have tested and contacted the following vendors:

Zoom - not working but committed to updating
NetTutor - not working
CoursEval - not working
VoiceThreads - working since we first tested
Panopto - working after recent fix
VitalSource - working after recent fix
UDOIT - working via upgrade to v2.6.0

blantons · ‎02-06-2020

This is what we have at MU Columbia:

Product	Status
Badgr	Fail
Box	Fail
Cengage MindTap	Pass
Cengage Unlimited	Pass
Cengage WebAssign	Pass
Discover MU	Pass
H5P	Fail
iClicker	Pass
Kaltura	Fail (vendor working on a fix)
LibApps	Pass
LibGuides	Pass
Lockdown Browser instructor interface	Pass
Lumen OHM	Fail
Lumen Waymaker	Pass
Lumena Candela	Pass
Macmillan Launchpad	Pass
Macmillan Sapling	Pass
Merlot	Pass
MH ALEKS	Pass
MH Connect	Pass
MH Simnet	Pass
Starfish	Pass/Fail (Depends on where it's launched from)
Norton Inquizitiv	Pass
Norton Reader	Pass
OER Commons	Fail
Panopto	Pass
Pearson Direct	Fail
Pearson MyLabs	Pass
Prulu	Fail
Roll call	Pass
SCORM	Pass
Turnitin Feedback Studio	Pass
Turnitin Plagiarism Framework	Pass
VitalSource	Pass
Voicethread	Pass
WileyPLUS (new)	Fail
WileyPLUS (old)	Pass
YouTube	Pass
Zoom	Fails but prompts user to open a new window/tab

dave-long · ‎02-06-2020

Hi Sarah,

Thank you for the excellent list! Can you tell me more about what in Kaltura isn't working?

When testing Kaltura, did you test with Chrome 79 and the two settings turned on, or with Chrome 80 and the two settings turned on?

These are the settings I'm referring to:

Paste chrome://flags in the URL bar and hit enter
Search for “SameSite by default cookies” and enable it
Search for “Cookies without SameSite must be secure” and enable it
Restart Chrome (it prompts for this)

This was a point of confusion during a Kaltura office hours call a while back, they mentioned that we'd have to test with Chrome 80 and those two settings on. When testing in Chrome 79 with those settings on, the integration would return a message about enabling 3rd party cookies.

Thanks!

-Dave

blantons · ‎02-06-2020

We tested Kaltura today with Chrome 80 and the two flags enabled, and it appears to be working ok now.

d_mainwaring · ‎02-06-2020

I can report that RPNow (a proctoring service) has already worked and fixed the issues they were having.

MattHanes · ‎02-07-2020

The same-site warning also appears for things embedded from CK-12. I sent them a help ticket about it. I'll post here if I get a response.

lclontz · ‎02-14-2020

As of this morning, Box seems to be working now.

Box is only working if you've logged in already. New LTI launches are still failing as of 2/18.

cronek · ‎02-14-2020

NetTutor and CoursEval got their cookies fixed earlier this week.

tami_salz · ‎02-18-2020

Lee / everyone - regarding Box - do you have it as a Course navigation placement? Our Box still isn't working 100% and our identity management team says it is a shib and iframe issue. If you have the course navigation - does your's open in a new window or in an iframe? And, if it opens in a new window - how did you get that to happen - is there a parameter that we aren't aware of? Thanks!

lclontz · ‎02-18-2020

Hey, Tami -- actually I was mistaken. Box works if you've already logged in to Box in the same Chrome instance and have a valid token (which I did when I tested). If you're not logged in already, it's still not working.

tami_salz · ‎02-18-2020

Hi Lee! Thanks for the update! I updated my Box ticket with the info our team provided. The initial response from Box says that Box pushed out an update yesterday and asked if I had tested today. I did test just now, and unfortunately with the same result that the Course Navigation isn't working (unless authenticated already). Will let you know if anything changes or we get another update from Box.

kedmison · ‎02-18-2020

It also appears that Canvas New Analytics is throwing a SameSite warning. Instructure does not have a date on a planned update.

[ARCHIVED] Samesite Cookies testing

Archived

Questions

You're signed out

[ARCHIVED] Samesite Cookies testing

Archived

Questions

Community Help

View our top guides and resources: