canvas_lti_third_party_cookies 0.2.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e1333ca5982732fe82a7282906c08a49efdc753d3b3ea2d87e927189917a71de
-  data.tar.gz: 013f64730fdca2e2490b22d7b145ccc642037ad8c30c6893156958bc1686dd2c
+  metadata.gz: 8d232d4448ee62b75121b20f70143f70f75e0ea38a83408b3ed42bb51ce41247
+  data.tar.gz: 44605463e21036992d5e0dadc1ac7180384e3f4186917e0139fe586c9451c936
 SHA512:
-  metadata.gz: 845e6dde86192f515409d5769c2018867384e032e866694e999b8b0d37f02cfd17e5e5e8a04720a66c58aa610a9fd29d2cd9e89b9441c1b5a8a1ff7b8674318a
-  data.tar.gz: ce10870144e786fbc0c8100e1428aeaa449da381378ddd282fe8087fc40f225c5bef22a35e66ba46a780c2daeb86bf84161c14ff87727f69f17dc9eaf62b7901
+  metadata.gz: 65a832d626b6062a7f4982417681a267bab2d49a6d070e4aef5e99b28d947fdb9d22ba73fc51badc1ceb4a9a7b59e45b3f08f8998fb1c2a286d6ec3bebd440f9
+  data.tar.gz: 47b3da8ab13ac2b3b9e9fae11ccaba87344b2cce53d98edbe6f96250c37c54e98210b6d0345180adbd57e1990516c89f6eed8a6a9304a8abcd2e9ae44a9fe4dc

data/README.md

@@ -1,52 +1,53 @@
 # canvas_lti_third_party_cookies
 
-Safari blocks all 3rd-party cookies by default, which breaks LTI tools that rely on setting cookies when launched in an iframe. Instead, it exposes a new API for getting user-permitted access to set cookies from an iframe, which works though requires jumping through some fun hoops.
-See this article for a detailed explanation: https://community.canvaslms.com/t5/Developers-Group/Safari-13-1-and-LTI-Integration/ba-p/273051
+Safari blocks all 3rd-party cookies by default, which breaks LTI tools that rely on setting cookies when launched in an iframe. Instead, it exposes a new API for getting user-permitted access to set cookies from an iframe, which unfortunately doesn't completely work for LTI use cases.
+See this article for a detailed explanation of the Storage Access API and previous attempts to launch LTI tools in Safari: https://community.canvaslms.com/t5/Developers-Group/Safari-13-1-and-LTI-Integration/ba-p/273051
 
-This gem wraps the Safari cookie dance in a Rails engine that can be easily used with one before_action callback. It is built for use with Canvas,
-which is responsible for some parts of this cookie dance, including launching the tool in a full-window 1st-party context, and providing a
-redirect url for the relaunch after the full-window launch is complete. 
-
-This gem won't work without being launched from Canvas, or a Tool Consumer that implements the same `window.postMessage` listener as Canvas
+The current workaround that this gem implements is to relaunch the tool in a new tab, new window, or popup window, where it can set first-party cookies to it's heart's content. This gem won't work without being launched from Canvas, or a Tool Consumer that implements the same `window.postMessage` listener as Canvas
 does here: https://github.com/instructure/canvas-lms/blob/master/public/javascripts/lti/post_message/requestFullWindowLaunch.js
 
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+# Set 3rd party cookies in Safari
+gem 'canvas_lti_third_party_cookies'
+```
+
+And then execute:
+```bash
+$ bundle install
+```
+
 ## Usage
 
 Choose the Rails controller action that's used to launch your tool and set cookies. Set the before_action callback
 below to run on that action, and pass the data needed.
 
-* the `launch_url` parameter is required, which should be the route
-  that launches the tool.
-* the `launch_params` parameter is optional, and should contain
-  all needed query parameters that the tool requires to launch.
-* the `launch_data` parameter is optional, and should contain
-  all needed form data that the tool requires to launch.
-
-Usually, only query parameters *or* form data is needed, not both.
+* `placement`: (required) Should be the Canvas placement that the tool was launched from, taken from the decoded id_token's `https://www.instructure.com/placement` claim.
+* `window_type`: (optional) Set to `:new_window` to open the tool in a new tab or window, or to `:popup` to open in a popup window.Defaults to `:new_window`.
+* `width`: (optional) The width the popup window should be, in px. User has the discretion to ignore this. Only valid with window_type: popup. Defaults to 800px. 
+* `height`: (optional) The height the popup window should be, in px. User has the discretion to ignore this. Only valid with window_type: popup. Defaults to 600px.
 
 ```ruby
-include LtiThirdPartyCookies::SafariLaunch
+include CanvasLtiThirdPartyCookies::SafariLaunch
 #...
 before_action -> { 
-  handle_safari_launch(launch_url: action_url, launch_params: { foo: bar }, launch_data: { foo: baz })
+  placement = decoded_id_token['https://www.instructure.com/placement']
+  handle_safari_launch(placement: placement, window_type: :popup)
 }
 ```
 
-## Installation
-Add this line to your application's Gemfile:
-
-```ruby
-# Set 3rd party cookies in Safari
-gem 'canvas_lti_third_party_cookies', '~> 0.2.0'
-```
+## Testing
 
-And then execute:
 ```bash
-$ bundle install
+$ rails test
 ```
 
-## Testing
+## Publishing New Versions
 
-```bash
-$ rails test
-```
+1. Bump the version in `lib/canvas_lti_third_party_cookies/version.rb`.
+2. Commit, push, and merge that change.
+3. `rake install`
+4. `gem push pkg/canvas_lti_third_party_cookies-<version>.gem`
+  - note that this will only work if you have access

data/app/controllers/concerns/canvas_lti_third_party_cookies/safari_launch.rb

@@ -0,0 +1,60 @@
+require 'browser'
+
+module CanvasLtiThirdPartyCookies::SafariLaunch
+  extend ActiveSupport::Concern
+
+  # this needs to be called as a before_action on the route that launches the tool
+  # and the tool is required to pass some parameters to this method.
+  #
+  # `placement`: (required) Should be the Canvas placement that
+  # the tool was launched from, taken from the decoded id_token's 
+  # `https://www.instructure.com/placement` claim.
+  #
+  # `window_type`: (optional) Set to `:new_window` to open the tool in a
+  # new tab or window, or to `:popup` to open in a popup window.
+  # Defaults to `:new_window`.
+  #
+  # `width`: (optional) The width the popup window should be, in px. User
+  # has the discretion to ignore this. Only valid with window_type: popup.
+  # Defaults to 800px.
+  #
+  # `height`: (optional) The height the popup window should be, in px. User
+  # has the discretion to ignore this. Only valid with window_type: popup.
+  # Defaults to 600px.
+  #
+  # example:
+  # include CanvasLtiThirdPartyCookies::SafariLaunch
+  # ...
+  # before_action -> { 
+  #   placement = decoded_id_token['https://www.instructure.com/placement']
+  #   handle_safari_launch(placement: placement, window_type: :popup)
+  # }
+  def handle_safari_launch(placement:, window_type: :new_window, width: nil, height: nil)
+    raise ArgumentError.new("window_type must be either :new_window or :popup") unless [:new_window, :popup].include? window_type
+    return unless is_safari?
+    return if is_full_window_launch?
+
+    render(
+      'canvas_lti_third_party_cookies/prep_for_full_window_launch',
+      locals: {
+        launch_url: request.base_url + request.fullpath,
+        placement: placement,
+        window_type: window_type.to_s,
+        width: width || 800,
+        height: height || 600
+      }
+    )
+  end
+
+  private
+
+  def is_full_window_launch?
+    params[:full_win_launch_requested].present?
+  end
+
+  def is_safari?
+    browser = Browser.new(request.headers["User-Agent"])
+    # detect both MacOS and iOS Safari
+    browser.safari? || (browser.webkit? && browser.platform.ios?)
+  end
+end

data/app/views/{lti_third_party_cookies/request_storage_access.erb → canvas_lti_third_party_cookies/prep_for_full_window_launch.erb}

@@ -1,36 +1,25 @@
 <%= javascript_tag do -%>
-  const requestStorageAccess = () => {
-    document
-      .requestStorageAccess()
-      .then(() => redirectToSetCookies())
-      .catch(() => requestFullWindowLaunch());
-  };
-
   const requestFullWindowLaunch = () => {
+    console.log("clicked")
     window.parent.postMessage(
       {
         messageType: "requestFullWindowLaunch",
-        data: "<%= launch_url %>",
+        data: {
+          url: "<%= launch_url %>",
+          placement: "<%= placement %>",
+          launchType: "<%= window_type %>",
+          launchOptions: {
+            width: <%= width %>,
+            height: <%= height %>
+          }
+        }
       },
       "*"
     );
   };
-
-  const redirectToSetCookies = () => {
-    const form = document.getElementById("relaunch");
-    form.submit();
-  };
-
   document.addEventListener("DOMContentLoaded", () => {
-    document.getElementById("request").addEventListener("click", requestStorageAccess)
-    document
-      .hasStorageAccess()
-      .then((hasStorageAccess) => {
-        if (hasStorageAccess) {
-          redirectToSetCookies();
-        }
-      })
-      .catch((err) => console.error(err));
+    console.log("loaded")
+    document.getElementById("request").addEventListener("click", requestFullWindowLaunch)
   });
 <% end %>
 <style type="text/css">
@@ -40,7 +29,7 @@
     height: 100%;
     font-family: "Segoe UI", Frutiger, "Frutiger Linotype", "Dejavu Sans", "Helvetica Neue", Arial, sans-serif;
     font-size: 1.1em;
-    padding: 0 75px 0 75px;
+    padding: 0 24px;
   }
 
   .flex-item {
@@ -48,8 +37,8 @@
     text-align: center;
   }
 
-  .first {
-    margin-top: 50px;
+  .flex-container div:first-child {
+    margin-top: 24px;
   }
 
   p {
@@ -87,7 +76,7 @@
 </style>
 
 <div class="flex-container">
-  <div class="flex-item first">
+  <div class="flex-item">
     <img id="safari-logo" src="https://upload.wikimedia.org/wikipedia/commons/5/52/Safari_browser_logo.svg" alt="Safari Logo" />
   </div>
 
@@ -96,18 +85,15 @@
   </div>
 
   <div class="flex-item">
-    <p>Safari requires your interaction with this app before logging you in.</p>
-    <p>A dialog may appear asking you to allow this app to use cookies while browsing Canvas.</p>
-    <p>For the best experience, click Allow.</p>
+    <p>Safari blocks third-party cookies by default, which this app relies on for sign-in features.</p>
+    <p>Launching this app in a <%if window_type == "popup"%>popup window<%else%>new tab<%end%>, separate from Canvas, will allow the app to set its own cookies.</p>
+    <%if window_type == "popup"%>
+    <p>If the app doesn't appear, make sure Safari is not blocking popups.</p>
+    <%end%>
   </div>
   
   <div class="flex-item">
-    <button id="request">Continue to App</button>
+    <button id="request">Open <%if window_type == "popup"%>Popup<%else%>in New Tab<%end%></button>
   </div>
   <div>
-</div>
-<form id="relaunch" method="POST" action="<%= relaunch_url %>">
-  <% launch_data.each do |key, value| -%>
-    <%= hidden_field_tag key, value %>
-  <% end -%>
-</form>
+</div>

data/lib/canvas_lti_third_party_cookies.rb

@@ -0,0 +1,4 @@
+require "canvas_lti_third_party_cookies/engine"
+
+module CanvasLtiThirdPartyCookies
+end

data/lib/canvas_lti_third_party_cookies/engine.rb

@@ -0,0 +1,5 @@
+module CanvasLtiThirdPartyCookies
+  class Engine < ::Rails::Engine
+    isolate_namespace CanvasLtiThirdPartyCookies
+  end
+end

data/lib/canvas_lti_third_party_cookies/version.rb

@@ -0,0 +1,3 @@
+module CanvasLtiThirdPartyCookies
+  VERSION = '0.4.0'
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: canvas_lti_third_party_cookies
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Xander Moffatt
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-11 00:00:00.000000000 Z
+date: 2021-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -75,13 +75,12 @@ files:
 - LICENSE
 - README.md
 - Rakefile
-- app/controllers/concerns/lti_third_party_cookies/safari_launch.rb
+- app/controllers/concerns/canvas_lti_third_party_cookies/safari_launch.rb
+- app/views/canvas_lti_third_party_cookies/prep_for_full_window_launch.erb
 - app/views/layouts/application.html.erb
-- app/views/lti_third_party_cookies/full_window_launch.erb
-- app/views/lti_third_party_cookies/request_storage_access.erb
-- lib/lti_third_party_cookies.rb
-- lib/lti_third_party_cookies/engine.rb
-- lib/lti_third_party_cookies/version.rb
+- lib/canvas_lti_third_party_cookies.rb
+- lib/canvas_lti_third_party_cookies/engine.rb
+- lib/canvas_lti_third_party_cookies/version.rb
 homepage: https://gerrit.instructure.com/#/admin/projects/lti_third_party_cookies
 licenses:
 - MIT

data/app/controllers/concerns/lti_third_party_cookies/safari_launch.rb

@@ -1,66 +0,0 @@
-require 'browser'
-
-module LtiThirdPartyCookies::SafariLaunch
-  extend ActiveSupport::Concern
-
-  # this needs to be called as a before_action on the route that launches the tool
-  # and the tool is required to pass some parameters to this method.
-  # the `launch_url` parameter is required, which should be the route
-  #   that launches the tool.
-  # the `launch_params` parameter is optional, and should contain
-  #   all needed query parameters that the tool requires to launch.
-  # the `launch_data` parameter is optional, and should contain
-  #   all needed form data that the tool requires to launch.
-  # example:
-  # include LtiThirdPartyCookies::SafariLaunch
-  # ...
-  # before_action -> { 
-  #   handle_safari_launch(launch_url: action_url, launch_params: { foo: bar }, launch_data: { foo: baz })
-  # }
-  def handle_safari_launch(launch_url:, launch_params: {}, launch_data: {})
-    browser = Browser.new(request.headers["User-Agent"])
-    # detect both MacOS and iOS Safari
-    return unless browser.safari? || (browser.webkit? && browser.platform.ios?)
-
-    # Safari launch #4: Storage Access has been granted,
-    #   so launch the app normally.
-    if params[:storage_access_status].present?
-      # remove from request directly instead of only from `params` so that
-      # the tool *really* doesn't have to worry about this being present
-      request.request_parameters.delete(:storage_access_status)
-      return
-    end
-
-    # Safari launch #2: Full-window launch, solely for first-party user interaction.
-    #   During a full-window launch, Canvas provides a :platform_redirect_url that
-    #   will launch the tool again within an iframe in Canvas. (#3)
-    if params[:platform_redirect_url].present?
-      return render(
-        'lti_third_party_cookies/full_window_launch',
-        locals: { platform_redirect_url: params[:platform_redirect_url] }
-      )
-    end
-
-    # Safari launch #1: request Storage Access, then relaunch the tool. (#4)
-    #   If request fails, request a full window launch instead. (#2)
-    # Safari launch #3: Relaunched by Canvas after full-window launch,
-    #   request Storage Access and then relaunch the tool. (#4)
-    # Pass along any parameters provided by the tool that are needed to launch correctly,
-    # and tell the tool that it has Storage Access.
-    render(
-      'lti_third_party_cookies/request_storage_access',
-      locals: {
-        launch_url: launch_url,
-        relaunch_url: relaunch_url(launch_url, launch_params),
-        launch_data: launch_data.merge({ storage_access_status: "granted"})
-      }
-    )
-  end
-
-  private
-
-  def relaunch_url(launch_url, launch_params)
-    return launch_url if launch_params.empty?
-    "#{launch_url}?#{launch_params.to_query}"
-  end
-end

data/app/views/lti_third_party_cookies/full_window_launch.erb

@@ -1,79 +0,0 @@
-<%= javascript_tag do -%>
-  document.addEventListener("DOMContentLoaded", () => {
-    document.getElementById("redirect").addEventListener("click", () => {
-      window.location.replace("<%= platform_redirect_url %>");
-    });
-  });
-<% end %>
-<style type="text/css">
-  .flex-container {
-    display: flex;
-    flex-direction: column;
-    height: 100%;
-    font-family: "Segoe UI", Frutiger, "Frutiger Linotype", "Dejavu Sans", "Helvetica Neue", Arial, sans-serif;
-    font-size: 1.1em;
-    padding: 0 75px 0 75px;
-  }
-
-  .flex-item {
-    margin-bottom: 10px;
-    text-align: center;
-  }
-
-  .first {
-    margin-top: 50px;
-  }
-
-  p {
-    margin: 0 0 0.5em 0;
-  }
-
-  button {
-    background: #008EE2;
-    color: #ffffff;
-    border: 1px solid;
-    border-color: #0079C1;
-    border-radius: 3px;
-    transition: background-color 0.2s ease-in-out;
-    display: inline-block;
-    position: relative;
-    padding: 8px 14px;
-    margin-bottom: 0;
-    font-size: 16px;
-    font-size: 1rem;
-    line-height: 20px;
-    text-align: center;
-    vertical-align: middle;
-    cursor: pointer;
-    text-decoration: none;
-    overflow: hidden;
-    text-shadow: none;
-    -webkit-user-select: none;
-    -moz-user-select: none;
-  }
-
-  #safari-logo {
-    width: 100px;
-    height: 100px;
-  }
-</style>
-
-<div class="flex-container">
-  <div class="flex-item first">
-    <img id="safari-logo" src="https://upload.wikimedia.org/wikipedia/commons/5/52/Safari_browser_logo.svg" alt="Safari Logo" />
-  </div>
-
-  <div class="flex-item">
-    <strong>It looks like you are using Safari.</strong>
-  </div>
-
-  <div class="flex-item">
-    <p>Occasionally, Safari requires you to launch this app outside of Canvas before logging in.</p>
-    <p>This setup is now complete, and Canvas can now relaunch this app.</p>
-  </div>
-  
-  <div class="flex-item">
-     <button id="redirect">Relaunch App in Canvas</button>
-  </div>
-  <div>
-</div>

data/lib/lti_third_party_cookies.rb

@@ -1,5 +0,0 @@
-require "lti_third_party_cookies/engine"
-require_relative "../app/controllers/concerns/lti_third_party_cookies/safari_launch"
-
-module LtiThirdPartyCookies
-end

data/lib/lti_third_party_cookies/engine.rb

@@ -1,5 +0,0 @@
-module LtiThirdPartyCookies
-  class Engine < ::Rails::Engine
-    isolate_namespace LtiThirdPartyCookies
-  end
-end

data/lib/lti_third_party_cookies/version.rb

@@ -1,3 +0,0 @@
-module LtiThirdPartyCookies
-  VERSION = '0.2.1'
-end