Community help

esicken · ‎08-27-2019

Hello friends -

I have one course where whenever someone goes to link to a document from their course files, it gets changed out to something like this:

https://ivylearn.ivytech.edu/api/v1/canvadoc_session?blob=%7B%22moderated_grading_whitelist%22:null,...

One of my coworkers had it happen to her also. She uploaded a fresh version of the document, went to the Rich Text Editor, selected the text to link to the file, selected the File from the righthand menu, and then saved the page. And then it turned into that link and clicking on it gives that tiny little UNAUTHORIZED error.

Any idea what might be causing that?

Thanks!

cpadavano · ‎09-24-2019

One of my Instructional Designers has found the main process that created the URL and it was able to be replicated:

1) Create/edit announcement or page. I have done it twice in announcements and once in a page.
2) Upload new DOCX file using the Files tab in the dynamic menu and +upload new file.
3) Type and highlight some words in editing box.
4) Click the newly uploaded DOCX file in the Files tab to create the link on the highlighted words.

**Guessing it was Microsoft files since I have seen this with a PPT/PPTX file too**

This was the reply from Canvas Support:

Canvas wrote back - TL;DR: either upload the file, save, and then link it, or upload it to the files area first. They are investigating the problem and will let us know when it’s fixed.

Our engineers are aware of this behavior and are currently looking into this. To work around this you can first add the file the course files tab and then try to link from the Content Selector or you can upload the new file to the content selector and then save the page and then you can go in and create a hyperlink from the existing file. You will be notified through this case as soon as an update becomes available from our engineers.

Hopefully a fix comes up soon! Until then, be careful of your files links.

View solution in original post

joe_zerd_in · ‎08-29-2019

hey what browser were you using? i'm seeing links like this too... edge?

esicken · ‎08-30-2019

I'm in Chrome

cpadavano · ‎09-10-2019

@esicken ‌ Was the page already linked with this code before editing it? Do you know how the page was created in the very beginning? (e.g. was it a NEW page or was it copied over from another course?). Did you try to delete any blank lines or unlink the area before inserting the new file?

My school has reported this very code, but no one can give me the exact origin of steps that lead up to the issue. I can't say that the code came out of no where because I cannot prove that. If it needs to be reported to Canvas, there needs to be solid proof it was added as a result of Canvas and not user error, so I would like to see if you can provide anything.

Each time my school was able to remedy the issue with relinking, but I want to make sure if you are seeing a repeptition of the incident, how it is coming about.

Could you please provide the following:

1. What browser were you using (what version too)?

2. What OS system were you using and what version (Windows 10, MAC Mohave, Linux, etc.)?

3. What were the exact creation steps that lead to this discovery before trying to fix it? (Need step by step what was done to the page that could have triggered the code to be there or not).

Thank you,

ostermmg · ‎09-16-2019

We've had two reports of this in the last couple weeks, with the very same behavior. The steps seem to be:

Type some text in Pages
Highlight the text
Click on a file from the File picker on the right-hand side

After doing that, they get the crazy URL format that @esicken posted. They say they are able to access it, but students are not (I cannot either). Here's a report from one instructor:

I highlighted a phrase in the description text, and then clicked on the uploaded file in “Files” on the right to make it a link. This didn’t work for [STUDENT], who kept getting “not authorized” .

Looking more closely at the format of these funky URLs, the "blob" parameter actually appears to be JSON:

{
"moderated_grading_whitelist":null,
"enable_annotations":null,
"enrollment_type":null,
"anonymous_instructor_annotations":null,
"submission_id":null,
"user_id":11111111111111111,
"attachment_id":11111111,
"type":"canvadoc"
}

With the reference to the path of api/v1/canvadoc_session/ in the URL, combined with the JSON payload in the blob URL parameter, combined with the hmac parameter at the end, it looks like we have an API call rather than a file URL.

It also doesn't seem to be easy to replicate, so it appears to be an intermittently occurring error/bug.

Has anyone gotten further with this and/or opened a case with Instructure?

cpadavano · ‎09-17-2019

Hi @ostermmg ‌,

So the steps the teacher did resulted in the coding instantaneously or did they notice the code after a period of time? I am just wondering if any between steps were done which resulted in the code jumping in like the file being removed, renamed, or course content copied into another Canvas course.

Since it's difficult to recreate and easy to fix, it's hard for me to send to Canvas support if they cannot report it too. Which is why I am trying to get as much data as possible from others. I have not been able to replicate this coding myself...

ostermmg · ‎09-19-2019

Hi Cynthia,

In all three cases we've had reported now, 2 of the three are from the same instructor. I can't yet identify a pattern, but it's definitely intermittent, and therefore hard to reproduce.

stuart_ryan · ‎09-17-2019

Hi Edita and Mike,
I wanted to let you know I made a couple of very minor edits to both of your posts, generally it is recommended that you obfuscate any IDs such as user IDs and submission IDs and authorisation keys, so I have gone through and done that for you to make sure these identifiers aren't widely published.

I think Cynthia is on the money with her questions, I also wanted to check does this seem to happen with a particular file type perhaps? Or are there any other similarities you have noted as these issues have been reported?

Look forward to hearing from you!

Stuart

cpadavano · ‎09-17-2019

Hi @stuart_ryan ‌,

I have not noticed a pattern in file types. The file links that got brought up were PDF and PPT/PPTX so far on my institution. We just got wind of another one today and I saw the following:

Teacher had copied the page template from a DEV (development) course in her LIVE semester course, but the broken file links were not there originally.
The teacher added the files into the course and they ended up being broken (saw from Page History)
I am not sure if the teacher did anything to the files though after doing the linking since I am not working with this teacher, it was just an incident brought up.
1. A student brought up the authorization access issue which is how we found the coding above tied to it.
The DEV (development) course that it orignally came from did not have the files themselves in it, so I am assuming the teacher used the "Upload a New File" option, but she could have easily uploaded them into the course first and then linked them from the Rich Content Editor as existing files, so we are still at a wall there...

I cannot find anywhere where a teacher could accidentally grab a link from Canvas and link it to their page. My IT-backend team says the code is leading to something similar to Speedgrader/DocViewer, but I cannot find this exact coding anywhere in the page when I look at page/frame source.

The only HTML coding change I notice is when I link the file, one HTML code appears, then after I save it and return to edit, the HTML code has updated. My IT-backend team says this code may just update for visibility in Canvas mobile. (See screenshot below. Some parts of URL were blurred out for security reasons)

File link HTML coding BEFORE saving Page

File link HTML coding AFTER saving Page

My theory is maybe the code is accidentally being generated from Canvas when it is processing the file/link, but I cannot be positive of that since I cannto replicate the error nor find its source...

ostermmg · ‎09-19-2019

@stuart_ryan ‌, thanks for the update. That was making me uncomfortable as well. Not sure how you were able to edit the posts, but glad it's cleared nonetheless. I'd recommend going after this post as well, which has the same info disclosure in the "here" hyperlink within the original post: Why would a syllabus link sending me a message that says unauthorized?

cpadavano‌, thank you for the additional information! The AFTER html you're showing isn't consistent with the error pattern (.../api/v1/canvadoc_session?blob=...) so I'm not sure you've been able to reproduce the particular bug. This is what's so frustrating about this one.

If you search for the pattern of "canvadoc_session" in forums (https://community.canvaslms.com/search.jspa?q=canvadoc_session), you'll note that other than actual posts about using the API, this thread and the other one I directed Stuart to are the only references to this behavior. Therefore, I think this bug is fairly new, and has something to do specifically with the code where the File picker interacts with the WYSIWG editor.

I just spoke to the professor who's had this happen twice now, and both times, they were selecting a pre-uploaded file from the right, rather than one they uploaded. Once they selected some text and then inserted, and the second time they inserted it directly to where the cursor was. The only commonality I can find is that someone is inserting something from the file picker on the right.

I think we have enough of a pattern to open up a case about the symptom, even if we can't yet replicate the cause. Is it safe to say that it's happening throughout Canvas (we've seen Pages and Assignments, and the other post references Syllabus) where a link to a File has been inserted into a rich text box using the file picker on the right? Or are there other variations not yet accounted for?

stuart_ryan · ‎09-19-2019

Thanks so much Mike, tis a form of black geeky magic . I have updated the other one you linked to as well so thank you for that.

I also think you are spot on with regards to whether this is an existing or possible new bug. Given there are patterns emerging, even if not a reliable way to replicate, it would be very much worthwhile to get into contact with Support and get them across this (as they may be able to see wider trends and other support cases behind the scenes.

cpadavano · ‎09-20-2019

@ostermmg ‌ - Thank you for the additional information from the instructor. My images were just showing you the process of how the HTML coding of a file link changes pre-post saving. I theorized that when the link was updating, it some how generated an incorrect link unlike the one it should have.

I will try to report this to Canvas, but without being able to really replicate it, it may be difficult for Canvas to pinpoint. We will see.

ostermmg · ‎09-20-2019

Thank you, cpadavano‌! There should be enough going on in this thread to for them to have a pretty good idea of what behavior is going on, even if we don't yet know the cause. Thank you for reporting the issue! Please let me know if there's anything I can do to insist!

cpadavano · ‎09-24-2019

One of my Instructional Designers has found the main process that created the URL and it was able to be replicated:

1) Create/edit announcement or page. I have done it twice in announcements and once in a page.
2) Upload new DOCX file using the Files tab in the dynamic menu and +upload new file.
3) Type and highlight some words in editing box.
4) Click the newly uploaded DOCX file in the Files tab to create the link on the highlighted words.

**Guessing it was Microsoft files since I have seen this with a PPT/PPTX file too**

This was the reply from Canvas Support:

Canvas wrote back - TL;DR: either upload the file, save, and then link it, or upload it to the files area first. They are investigating the problem and will let us know when it’s fixed.

Our engineers are aware of this behavior and are currently looking into this. To work around this you can first add the file the course files tab and then try to link from the Content Selector or you can upload the new file to the content selector and then save the page and then you can go in and create a hyperlink from the existing file. You will be notified through this case as soon as an update becomes available from our engineers.

Hopefully a fix comes up soon! Until then, be careful of your files links.

stuart_ryan · ‎09-26-2019

Hi Cynthia,

Thanks for that, when Canvas support comes back and lets you know it is fixed, please let us know here and I will update the correct answer.

Nice job on your sleuthing to replicate this reliably!

Stuart

ostermmg · ‎09-27-2019

Hi cpadavano‌, thanks for posting the steps to reproduce! One quick amendment to their guess about it being Office files - I've reproduced with PDFs as well. I think it has more to do with the state of the file that was just uploaded combined with the unsaved Page, Assignment, Quiz, etc. than the type of the file.

Thanks again!

Mike

cpadavano · ‎10-03-2019

@ostermmg ‌ Thanks for the feedback, yes I had an ID say PDFs were another file, so I also agree it could be the state of the file being uploaded. Maybe we'll no, or maybe it will forever be a Canvas secret. I will try to get an update from Canvas Support and post it here as soon as I hear back.

b_willems · ‎04-03-2020

Hi all, Quick warning that this issue has re-appeared. We already saw it when this thread was started (September last year) and, like cpadavano‌, wrote a ticket to support. The ticket was closed as solved on January 31st 2020. However, this week we saw the error happening again on quiz question pages just as before. If created in the way described by Cynthia, links show api/v1/ in the URL and produce an "unauthorized" error for users.

I have informed the support team about this and will post their response here.

u0068007 · ‎05-29-2020

Did you get an answer from the support team? This error happened this week again.

tammyk · ‎06-21-2020

I have a similar situation occur today however the Teacher has said they marked assessments in speedgrader last week and this week some of the results and feedback is missing, as if it never happened.

As part of my troubleshooting I have viewed the Teacher's User Log and compared it with the date and time of the results that have successfully come through. I notice that they start with a simple URL such as: https://mpaskills.instructure.com/courses/65/gradebook/speed_grader?assignment_id=381&student_id=262 and then there's a bunch of URL's that look like this:

https://mpaskills.instructure.com/api/v1/canvadoc_session?blob=%7B%22anonymous_instructor_annotation...

The students do click on a link to download a file and they save it, make the required changes and resubmit. The submission is sitting in speedgrader ready for marking, as if the Teacher hasn't marked it yet.

Is there a way we can break down these long URL's so we can identify if this URL was in fact the marking of the uploaded assignment? Or is it more likely the Teacher just looked at the assignment in the file?

ostermmg · ‎09-01-2020

All, I'm still having this issue occur regularly with our faculty. In @cpadavano's Solution post of 9/24/2019, there is a blurb from Canvas Support(?) that says:
Our engineers are aware of this behavior and are currently looking into this. To work around this you can first add the file the course files tab and then try to link from the Content Selector or you can upload the new file to the content selector and then save the page and then you can go in and create a hyperlink from the existing file. You will be notified through this case as soon as an update becomes available from our engineers.

It's been nearly a year, and this is still happening. The pattern seems pretty apparent:

upload a file to Files in the Content Picker while editing a with the WYSIWG editor
insert a link to the file you just uploaded by clicking it in the Content Picker
Save
Instructor sees it as visible, students get "unathorized" plain text error message from the API endpoint because the link is to https://INSTITUTION.instructure.com/api/v1/canvadoc_session?blob=..., not the actual file path.

Has anyone gotten a case update from Instructure on this?

You're signed out

URLs going crazy?

Community help

View our top guides and resources: