cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ScottHurrey
New Member

LTI 1.3 Mixed Content Warning

Jump to solution

Hello, I am building an LTI 1.3 integration. I have everything registered in my AWS AMI based on bitnami-canvaslms-2022.4.27-212-0-linux-debian-10-x86_64-hvm-ebs-nami-752b37a4-d309-4bda-b662-6bc16b5eaf49. When I click the link to my application, it never loads. In my application I see the OIDC login, but it never loads the launch. I am using pylti1p3 and Flask with Python 3.9.2.

What I see in the javascript console is:

 

Mixed Content: The page at 'https://3.235.21.25/courses/1/assignments' was loaded over HTTPS, but requested an insecure frame 'http://canvas.test/api/lti/authorize_redirect?scope=openid&response_type=id_token&response_mode=form_post&prompt=none&client_id=10000000000002&redirect_uri=https%3A%2F%2Fbox-lti.herokuapp.com%2Flaunch%2F&state=state-a5a2b71f-d9ec-4b2a-ab14-64d320d6ef17&nonce=a0722c6503e14f3d9c5cebfe5baa857feb761b7cf40011eca80dda7f7cbc7b0c&login_hint=c822a4f6c58d1a4b31c66d3903d634dd75556570&lti_message_hint=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXJpZmllciI6IjE2MjA1MjliYWMzOTBjZTMyZjA2NDJlMWQ0YTQ5MGQ0MzRkZDk1ZWU4ZTNkOWIzZTQyZWRiZWUxN2MyOTczZmIyM2IxNTEyNjU2ZjExODQ3YzE5ZDE5N2YwM2U3MGE0MzE1ZDBkMTcwN2Y0Yzg3NDVjMGZkNzAyZTQ0N2NmMGZiIiwiY2FudmFzX2RvbWFpbiI6IjMuMjM1LjIxLjI1IiwiY29udGV4dF90eXBlIjoiQ291cnNlIiwiY29udGV4dF9pZCI6MTAwMDAwMDAwMDAwMDEsImNhbnZhc19sb2NhbGUiOiJlbiIsImV4cCI6MTY1NjEwNDgyN30.AZ7yGSLTaj1TQEBXsCYgP15_ot9kL93mM6WnrfXK2ag'. This request has been blocked; the content must be served over HTTPS.

 

It points to the following code:

        function checkCookiesAllowed() {
            var cookie = "lti1p3_test_cookie=1; path=/";
            if (siteProtocol === 'https') {
                cookie = cookie + '; SameSite=None; secure';
            }
            document.cookie = cookie;
            var res = document.cookie.indexOf("lti1p3_test_cookie") !== -1;
            if (res) {
                // remove test cookie and reload page
                document.cookie = "lti1p3_test_cookie=1; expires=Thu, 01-Jan-1970 00:00:01 GMT";
                displayLoadingBlock();
                window.location.href = getUpdatedUrl();
            } else {
                displayWarningBlock();
            }
        }

 

Specifically on the line: window.location.href = getUpdatedUrl();

I'm not quite sure where canvas.test is coming from. It does load just fine in other LMS sandboxes, but I'm new to Canvas, so I'm definitely aware that I'm probably missing something dumb. LOL Please let me know if there is additional information I can provide.

I couldn't find any mention of this elsewhere, so I greatly appreciate any guidance.

Thanks in advance!

Labels (4)
0 Kudos
1 Solution
ScottHurrey
New Member
Looks like that code is actually in the LTI Library, so nothing to see here... haha

View solution in original post

0 Kudos
1 Reply
ScottHurrey
New Member
Looks like that code is actually in the LTI Library, so nothing to see here... haha
0 Kudos