Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Member

URLs going crazy?

Jump to solution

Hello friends - 

I have one course where whenever someone goes to link to a document from their course files, it gets changed out to something like this:,...

One of my coworkers had it happen to her also. She uploaded a fresh version of the document, went to the Rich Text Editor, selected the text to link to the file, selected the File from the righthand menu, and then saved the page. And then it turned into that link and clicking on it gives that tiny little UNAUTHORIZED error. 

Any idea what might be causing that?


Tags (3)
1 Solution

Accepted Solutions
Community Contributor

One of my Instructional Designers has found the main process that created the URL and it was able to be replicated:

1) Create/edit announcement or page. I have done it twice in announcements and once in a page.
2) Upload new DOCX file using the Files tab in the dynamic menu and +upload new file.
3) Type and highlight some words in editing box.
4) Click the newly uploaded DOCX file in the Files tab to create the link on the highlighted words.

**Guessing it was Microsoft files since I have seen this with a PPT/PPTX file too**

This was the reply from Canvas Support:

Canvas wrote back - TL;DR: either upload the file, save, and then link it, or upload it to the files area first. They are investigating the problem and will let us know when it’s fixed.

Our engineers are aware of this behavior and are currently looking into this. To work around this you can first add the file the course files tab and then try to link from the Content Selector or you can upload the new file to the content selector and then save the page and then you can go in and create a hyperlink from the existing file. You will be notified through this case as soon as an update becomes available from our engineers.

Hopefully a fix comes up soon! Until then, be careful of your files links. Smiley Happy

View solution in original post

20 Replies
New Member

hey what browser were you using?  i'm seeing links like this too...  edge?

I'm in Chrome 

Community Contributor

 @esicken ‌ Was the page already linked with this code before editing it? Do you know how the page was created in the very beginning? (e.g. was it a NEW page or was it copied over from another course?). Did you try  to delete any blank lines or unlink the area before inserting the new file?

My school has reported this very code, but no one can give me the exact origin of steps that lead up to the issue. I can't say that the code came out of no where because I cannot prove that. If it needs to be reported to Canvas, there needs to be solid proof it was added as a result of Canvas and not user error, so I would like to see if you can provide anything.

Each time my school was able to remedy the issue with relinking, but I want to make sure if you are seeing a repeptition of the incident, how it is coming about. 

Could  you please provide the following: 

1. What browser were you using (what version too)?

2. What OS system were you using and what version (Windows 10, MAC Mohave, Linux, etc.)?

3. What were the exact creation steps that lead to this discovery before trying to fix it? (Need step by step what was done to the page that could have triggered the code to be there or not). 

Thank you,

New Member

We've had two reports of this in the last couple weeks, with the very same behavior. The steps seem to be:

  • Type some text in Pages
  • Highlight the text
  • Click on a file from the File picker on the right-hand side

After doing that, they get the crazy URL format that  @esicken  posted. They say they are able to access it, but students are not (I cannot either). Here's a report from one instructor:

I highlighted a phrase in the description text, and then clicked on the uploaded file in “Files” on the right to make it a link. This didn’t work for [STUDENT], who kept getting “not authorized” .

Looking more closely at the format of these funky URLs, the "blob" parameter actually appears to be JSON:


With the reference to the path of api/v1/canvadoc_session/ in the URL, combined with the JSON payload in the blob URL parameter, combined with the hmac parameter at the end, it looks like we have an API call rather than a file URL. 

It also doesn't seem to be easy to replicate, so it appears to be an intermittently occurring error/bug.

Has anyone gotten further with this and/or opened a case with Instructure?

Community Contributor

Hi  @ostermmg ‌, 

So the steps the teacher did resulted in the coding instantaneously or did they notice the code after a period of time? I am just wondering if any between steps were done which resulted in the code jumping in like the file being removed, renamed, or course content copied into another Canvas course.

Since it's difficult to recreate and easy to fix, it's hard for me to send to Canvas support if they cannot report it too. Which is why I am trying to get as much data as possible from others. I have not been able to replicate this coding myself...

Community Coach
Community Coach

Hi Edita and Mike,
I wanted to let you know I made a couple of very minor edits to both of your posts, generally it is recommended that you obfuscate any IDs such as user IDs and submission IDs and authorisation keys, so I have gone through and done that for you to make sure these identifiers aren't widely published.

I think Cynthia is on the money with her questions, I also wanted to check does this seem to happen with a particular file type perhaps? Or are there any other similarities you have noted as these issues have been reported?

Look forward to hearing from you!


Community Contributor

Hi  @stuart_ryan ‌,

I have not noticed a pattern in file types. The file links that got brought up were PDF and PPT/PPTX so far on my institution. We just got wind of another one today and I saw the following:

  1. Teacher had copied the page template from a DEV (development) course in her LIVE semester course, but the broken file links were not there originally.
  2. The teacher added the files into the course and they ended up being broken (saw from Page History)
  3. I am not sure if the teacher did anything to the files though after doing the linking since I am not working with this teacher, it was just an incident brought up.
    1. A student brought up the authorization access issue which is how we found the coding above tied to it. 
  4. The DEV (development) course that it orignally came from did not have the files themselves in it, so I am assuming the teacher used the "Upload a New File" option, but she could have easily uploaded them into the course first and then linked them from the Rich Content Editor as existing files, so we are still at a wall there...

I cannot find anywhere where a teacher could accidentally grab a link from Canvas and link it to their page. My IT-backend team says the code is leading to something similar to Speedgrader/DocViewer, but I cannot find this exact coding anywhere in the page when I look at page/frame source.

The only HTML coding change I notice is when I link the file, one HTML code appears, then after I save it and return to edit, the HTML code has updated. My IT-backend team says this code may just update for visibility in Canvas mobile. (See screenshot below. Some parts of URL were blurred out for security reasons)

File link HTML coding BEFORE saving Page


File link HTML coding AFTER saving Page


My theory is maybe the code is accidentally being generated from Canvas when it is processing the file/link, but I cannot be positive of that since I cannto replicate the error nor find its source...

Hi Cynthia,

In all three cases we've had reported now, 2 of the three are from the same instructor. I can't yet identify a pattern, but it's definitely intermittent, and therefore hard to reproduce.

 @stuart_ryan ‌, thanks for the update. That was making me uncomfortable as well. Not sure how you were able to edit the posts, but glad it's cleared nonetheless. I'd recommend going after this post as well, which has the same info disclosure in the "here" hyperlink within the original post: Why would a syllabus link sending me a message that says unauthorized? 

cpadavano‌, thank you for the additional information! The AFTER html you're showing isn't consistent with the error pattern (.../api/v1/canvadoc_session?blob=...) so I'm not sure you've been able to reproduce the particular bug. This is what's so frustrating about this one.

If you search for the pattern of "canvadoc_session" in forums (, you'll note that other than actual posts about using the API, this thread and the other one I directed Stuart to are the only references to this behavior. Therefore, I think this bug is fairly new, and has something to do specifically with the code where the File picker interacts with the WYSIWG editor.

I just spoke to the professor who's had this happen twice now, and both times, they were selecting a pre-uploaded file from the right, rather than one they uploaded. Once they selected some text and then inserted, and the second time they inserted it directly to where the cursor was. The only commonality I can find is that someone is inserting something from the file picker on the right.

I think we have enough of a pattern to open up a case about the symptom, even if we can't yet replicate the cause. Is it safe to say that it's happening throughout Canvas (we've seen Pages and Assignments, and the other post references Syllabus) where a link to a File has been inserted into a rich text box using the file picker on the right? Or are there other variations not yet accounted for?