RubyGems - canvas_lti_third_party_cookies - Versions diffs - 0.3.1 → 1.0.0 - Mend

canvas_lti_third_party_cookies 0.3.1 → 1.0.0

Files changed (14) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 890865e3f76d11ffcb3c1e203b7b507c068127b0b2cba1455fdf0fa558ef96f8
-  data.tar.gz: 197439ea71f9dd99b21235358022f7c324f86fdec4e03ce93c7f28201dfc2d83
+  metadata.gz: bfadd9bf819df5cfb7740b3b1c88f7436337b0bafbc243d9df216af7e948cd9e
+  data.tar.gz: 6a539c02d809cbffbc9693a69567942af8ba24d839299d0baca93e3ebe1ef676
 SHA512:
-  metadata.gz: 8c7001cbfb01825b8a475ed48f15cfdd3e962ce5fcda789f1a211a1445c5d75e8f171982a7e7c4ed954e43a22f393f781be9a9e15fbfee97122e7f8438cac9d6
-  data.tar.gz: 8a4a17fc88a70d26b57ea6862bdbd9f71bd2ec21cfa548e42868d4dec3167be6d24471c29ed346e03dfa8900ff6b4e08849084519160ce8f78f5a8a927bd59b5
+  metadata.gz: a346aec85ae07519abe21496dbec0126bab0ab6ffc96de0d0b7c23be9eea02080cde3b7949295b598e9827c597442d83f866c758f0790a5bfad4da4faa4821cb
+  data.tar.gz: 9fb2fbc396790aca7e388e430adcd36ff2b2acf5d3f94309413e732b1ad354fdac8ee76197f1b3e74948ac59731cc10cbd3c931968361d0d6d3176c0e4af8a73

data/README.md CHANGED Viewed

@@ -1,46 +1,9 @@
 # canvas_lti_third_party_cookies
-Safari blocks all 3rd-party cookies by default, which breaks LTI tools that rely on setting cookies when launched in an iframe. Instead, it exposes a new API for getting user-permitted access to set cookies from an iframe, which works though requires jumping through some fun hoops.
-See this article for a detailed explanation: https://community.canvaslms.com/t5/Developers-Group/Safari-13-1-and-LTI-Integration/ba-p/273051
+Safari blocks all 3rd-party cookies by default, which breaks LTI tools that rely on setting cookies when launched in an iframe. Other browsers will soon follow suit. Instead, it exposes a new API for getting user-permitted access to set cookies from an iframe, which unfortunately doesn't completely work for LTI use cases.
+See this article for a detailed explanation of the Storage Access API and previous attempts to launch LTI tools in Safari: https://community.canvaslms.com/t5/Developers-Group/Safari-13-1-and-LTI-Integration/ba-p/273051
-This gem wraps the Safari cookie dance in a Rails engine that can be easily used with one before_action callback. It is built for use with Canvas,
-which is responsible for some parts of this cookie dance, including launching the tool in a full-window 1st-party context, and providing a
-redirect url for the relaunch after the full-window launch is complete.
-This gem won't work without being launched from Canvas, or a Tool Consumer that implements the same `window.postMessage` listener as Canvas
-does here: https://github.com/instructure/canvas-lms/blob/master/public/javascripts/lti/post_message/requestFullWindowLaunch.js
-## Usage
-Choose the Rails controller action that's used to launch your tool and set cookies. Set the before_action callback
-below to run on that action, and pass the data needed.
-* the `launch_url` parameter is required, which should be the route
-  that launches the tool.
-* the `launch_params` parameter is optional, and should contain
-  all needed query parameters that the tool requires to launch.
-* the `launch_data` parameter is optional, and should contain
-  all needed form data that the tool requires to launch.
-Usually, only query parameters *or* form data is needed, not both.
-```ruby
-include CanvasLtiThirdPartyCookies::SafariLaunch
-#...
-before_action -> {
-  handle_safari_launch(launch_url: action_url, launch_params: { foo: bar }, launch_data: { foo: baz })
-}
-```
-This will launch the tool multiple times, and also redirect the user back to Canvas when needed. For more information on the detailed tool
-launches, see the comments in `app/controllers/concerns/canvas_lti_third_party_cookies/safari_launch.rb`.
-Note that the tool will be relaunched from within this method once Storage Access is granted and pass all parameters from the previous
-Canvas launch, which will break JWT nonce verification since it will detect the nonce has already been used.
-To combat this, this gem provides the `should_ignore_nonce?` method so that your tool can ignore the nonce verification for that
-specific launch. Normally, ignoring a duplicate nonce can lead to replay attacks. This method will only return true if the request's
-`Referer` header matches the tool's domain, which only happens in this last internal redirect.
+The current workaround that this gem implements is to relaunch the tool in a new tab, new window, or popup window, where it can set first-party cookies to it's heart's content. The relaunch occurs during the login request, so the tool is entirely in control, and no other parts of the LTI launch flow are modified.
 ## Installation
 Add this line to your application's Gemfile:
@@ -55,6 +18,48 @@ And then execute:
 $ bundle install
 ```
+## Usage
+Choose the Rails controller action that's used to launch your tool and set cookies. Set the before_action callback
+below to run on that action, and pass the data needed.
+* `redirect_url` (required): the authorization redirect URL to continue the login flow
+* `redirect_data` (required): all form data required for the authorization redirect, which
+the previous login render call should have included in a form tag.
+* `window_type`: (optional) Set to `:new_window` to open the tool in a
+new tab or window, or to `:popup` to open in a popup window.
+Defaults to `:new_window`.
+* `width`: (optional) The width the popup window should be, in px. User
+has the discretion to ignore this. Only valid with window_type: popup.
+Defaults to 800px.
+* `height`: (optional) The height the popup window should be, in px. User
+has the discretion to ignore this. Only valid with window_type: popup.
+Defaults to 600px.
+example:
+```ruby
+include CanvasLtiThirdPartyCookies::RelaunchOnLogin
+...
+def login
+  state, nonce = create_and_cache_state # handled elsewhere
+  redirect_url = 'http://canvas.instructure.com/api/lti/authorize_redirect'
+  redirect_data = {
+    scope: 'openid',
+    response_type: 'id_token',
+    response_mode: 'form_post',
+    prompt: 'none',
+    redirect_uri: redirect_uri, # the launch url of the tool
+    client_id: params.require(:client_id),
+    login_hint: params.require(:login_hint),
+    lti_message_hint: params.require(:lti_message_hint),
+    state: state,
+    nonce: nonce
+  }
+  relaunch_on_login(redirect_url, redirect_data)
+end
+```
 ## Testing
 ```bash
@@ -64,7 +69,7 @@ $ rails test
 ## Publishing New Versions
 1. Bump the version in `lib/canvas_lti_third_party_cookies/version.rb`.
-2. Commit, push, and merge that change.
-3. `rake install`
+2. `rake install`
+3. Commit, push, and merge that change.
 4. `gem push pkg/canvas_lti_third_party_cookies-<version>.gem`
   - note that this will only work if you have access

data/Rakefile CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 begin
   require 'bundler/setup'
 rescue LoadError

data/app/assets/javascripts/canvas_lti_third_party_cookies/relaunch_on_login.js ADDED Viewed

@@ -0,0 +1,66 @@
+document.addEventListener("DOMContentLoaded", () => {
+  const { window_type, form_target, width, height } = window.ENV;
+  let newWindow;
+  const openNewWindow = () => {
+    switch (window_type) {
+      case "popup": {
+        newWindow = window.open(
+          "",
+          form_target,
+          "toolbar=no,menubar=no,location=no,status=no,resizable,scrollbars," +
+            `width=${width},height=${height}`
+        );
+        break;
+      }
+      case "new_window": {
+        newWindow = window.open("", form_target);
+        break;
+      }
+    }
+  };
+  const getRelaunchElement = (id) => document.getElementById(`relaunch-${id}`);
+  const hide = (el) => (el.style.display = "none");
+  const show = (el) => (el.style.display = "flex"); // normally this is 'block', but the containers need to be 'flex'
+  const successMessageEl = getRelaunchElement("success");
+  const retryMessageEl = getRelaunchElement("retry");
+  const relaunchFormEl = getRelaunchElement("form");
+  const retryButtonEl = getRelaunchElement("request");
+  // set a test cookie
+  const testCookie = "canSetCookies=true";
+  document.cookie = testCookie;
+  if (
+    document.cookie.split(";").some((cookie) => cookie.includes(testCookie))
+  ) {
+    // setting cookies works, continue login flow inline
+    // todo: remove test cookie
+    document.getElementById("redirect-form").submit();
+    return;
+  }
+  // open in new tab and restart login flow
+  show(successMessageEl);
+  openNewWindow();
+  if (newWindow) {
+    // tool opened successfully, POST login form data to opened window
+    relaunchFormEl.submit();
+    return;
+  }
+  // tool open blocked, tell user to allow popups and try again
+  show(retryMessageEl);
+  hide(successMessageEl);
+  retryButtonEl.addEventListener("click", () => {
+    // open tool and POST login data again
+    openNewWindow();
+    relaunchFormEl.submit();
+    show(successMessageEl);
+    hide(retryMessageEl);
+  });
+});

data/app/assets/stylesheets/canvas_lti_third_party_cookies/relaunch_on_login.css ADDED Viewed

@@ -0,0 +1,52 @@
+.flex-container {
+  display: none;
+  flex-direction: column;
+  height: 100%;
+  font-family: "Segoe UI", Frutiger, "Frutiger Linotype", "Dejavu Sans",
+    "Helvetica Neue", Arial, sans-serif;
+  font-size: 1.1em;
+  padding: 0 24px;
+}
+.flex-item {
+  margin-bottom: 10px;
+  text-align: center;
+}
+.flex-container div:first-child {
+  margin-top: 24px;
+}
+p {
+  margin: 0 0 0.5em 0;
+}
+button {
+  background: #008ee2;
+  color: #ffffff;
+  border: 1px solid;
+  border-color: #0079c1;
+  border-radius: 3px;
+  transition: background-color 0.2s ease-in-out;
+  display: inline-block;
+  position: relative;
+  padding: 8px 14px;
+  margin-bottom: 0;
+  font-size: 16px;
+  font-size: 1rem;
+  line-height: 20px;
+  text-align: center;
+  vertical-align: middle;
+  cursor: pointer;
+  text-decoration: none;
+  overflow: hidden;
+  text-shadow: none;
+  -webkit-user-select: none;
+  -moz-user-select: none;
+  user-select: none;
+}
+img {
+  width: 100px;
+  height: 100px;
+}

data/app/controllers/concerns/canvas_lti_third_party_cookies/relaunch_on_login.rb ADDED Viewed

@@ -0,0 +1,71 @@
+module CanvasLtiThirdPartyCookies::RelaunchOnLogin
+  extend ActiveSupport::Concern
+  # this should replace your previous login render call, at the end of your login action.
+  #
+  # `redirect_url` (required): the authorization redirect URL to continue the login flow
+  #
+  # `redirect_data` (required): all form data required for the authorization redirect, which
+  # the previous login render call should have included in a form tag.
+  #
+  # `window_type`: (optional) Set to `:new_window` to open the tool in a
+  # new tab or window, or to `:popup` to open in a popup window.
+  # Defaults to `:new_window`.
+  #
+  # `width`: (optional) The width the popup window should be, in px. User
+  # has the discretion to ignore this. Only valid with window_type: popup.
+  # Defaults to 800px.
+  #
+  # `height`: (optional) The height the popup window should be, in px. User
+  # has the discretion to ignore this. Only valid with window_type: popup.
+  # Defaults to 600px.
+  #
+  # example:
+  # include CanvasLtiThirdPartyCookies::RelaunchOnLogin
+  # ...
+  # def login
+  #   state, nonce = create_and_cache_state # handled elsewhere
+  #   redirect_url = 'http://canvas.instructure.com/api/lti/authorize_redirect'
+  #   redirect_data = {
+  #     scope: 'openid',
+  #     response_type: 'id_token',
+  #     response_mode: 'form_post',
+  #     prompt: 'none',
+  #     redirect_uri: redirect_uri, # the launch url of the tool
+  #     client_id: params.require(:client_id),
+  #     login_hint: params.require(:login_hint),
+  #     lti_message_hint: params.require(:lti_message_hint),
+  #     state: state,
+  #     nonce: nonce
+  #   }
+  #
+  #   relaunch_on_login(redirect_url, redirect_data)
+  # end
+  def relaunch_on_login(redirect_url, redirect_data, window_type: :new_window, width: 800, height: 600)
+    raise ArgumentError.new("window_type must be either :new_window or :popup") unless [:new_window, :popup].include? window_type
+    window_type_text = {
+      new_window: 'new tab',
+      popup: 'popup window'
+    }
+    form_target = 'login_relaunch'
+    render(
+      'canvas_lti_third_party_cookies/relaunch_on_login',
+      locals: {
+        redirect_url: redirect_url,
+        redirect_data: redirect_data,
+        relaunch_url: request.url,
+        relaunch_data: params.permit(:canvas_region, :client_id, :iss, :login_hint, :lti_message_hint, :target_link_uri),
+        form_target: form_target,
+        window_type_text: window_type_text[window_type],
+        js_env: {
+          form_target: form_target,
+          window_type: window_type,
+          width: width,
+          height: height
+        }
+      }
+    )
+  end
+end

data/app/views/canvas_lti_third_party_cookies/_cookie_message.erb ADDED Viewed

@@ -0,0 +1,11 @@
+<div id="<%= id %>" class="flex-container">
+  <div class="flex-item">
+    <img src="https://upload.wikimedia.org/wikipedia/commons/0/03/Oxygen480-apps-preferences-web-browser-cookies.svg" alt="Cookie" />
+  </div>
+  <div class="flex-item">
+    <strong>It looks like your browser doesn't like cookies.</strong>
+  </div>
+  <%= yield %>
+</div>

data/app/views/canvas_lti_third_party_cookies/relaunch_on_login.erb ADDED Viewed

@@ -0,0 +1,41 @@
+<%= stylesheet_link_tag 'canvas_lti_third_party_cookies/relaunch_on_login' %>
+<%= javascript_tag do %>
+  window.ENV = <%= js_env.to_json.html_safe %>
+<% end %>
+<%= javascript_include_tag 'canvas_lti_third_party_cookies/relaunch_on_login' %>
+<%# when submitted, continue to login flow step 2: redirect back to Canvas for authentication %>
+<%= form_tag(redirect_url, method: :post, id: 'redirect-form') do %>
+  <% redirect_data.each do |k, v| %>
+    <%= hidden_field_tag(k, v) %>
+  <% end %>
+<% end %>
+<%# when submitted, replay login flow step 1 in a new window %>
+<%# the target attribute tells the form to POST in the window matching that target, which is opened below %>
+<%= form_tag(relaunch_url, method: :post, id: 'relaunch-form', target: form_target) do %>
+  <% relaunch_data.each do |k, v| %>
+    <%= hidden_field_tag(k, v) %>
+  <% end %>
+<% end %>
+<%# default message to display on new window launch; hidden by default %>
+<%= render 'canvas_lti_third_party_cookies/cookie_message', id: 'relaunch-success' do %>
+  <div class="flex-item">
+    <p>Some browsers block third-party cookies by default, which this app relies on for launch and sign-in features.</p>
+    <p>This app has opened in a <%= window_type_text %>, so that it can set its own cookies.
+  </div>
+<% end %>
+<%# message displayed when popups are blocked; hidden by default %>
+<%= render 'canvas_lti_third_party_cookies/cookie_message', id: 'relaunch-retry' do %>
+  <div class="flex-item">
+    <p>Some browsers block third-party cookies by default, which this app relies on for launch and sign-in features.</p>
+    <p>Launching this app in a <%= window_type_text %>, separate from Canvas, will allow the app to set its own cookies.</p>
+    <p>To open the app, make sure your browser allows popups for this page and try again.</p>
+  </div>
+  <div class="flex-item">
+    <button id="relaunch-request">Open in <%= window_type_text.capitalize %></button>
+  </div>
+<% end %>

data/lib/canvas_lti_third_party_cookies/engine.rb CHANGED Viewed

@@ -1,5 +1,9 @@
 module CanvasLtiThirdPartyCookies
   class Engine < ::Rails::Engine
     isolate_namespace CanvasLtiThirdPartyCookies
+    initializer "CanvasLtiThirdPartyCookies.assets.precompile" do |app|
+      app.config.assets.precompile += %w( canvas_lti_third_party_cookies/relaunch_on_login.js canvas_lti_third_party_cookies/relaunch_on_login.css )
+    end
   end
 end

data/lib/canvas_lti_third_party_cookies/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module CanvasLtiThirdPartyCookies
-  VERSION = '0.3.1'
+  VERSION = '1.0.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: canvas_lti_third_party_cookies
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 1.0.0
 platform: ruby
 authors:
 - Xander Moffatt
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-03 00:00:00.000000000 Z
+date: 2021-06-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -16,20 +16,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.0.2
+        version: 6.0.3
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.2.1
+        version: 6.0.3.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.0.2
+        version: 6.0.3
     - - ">="
       - !ruby/object:Gem::Version
-        version: 6.0.2.1
+        version: 6.0.3.6
 - !ruby/object:Gem::Dependency
   name: browser
   requirement: !ruby/object:Gem::Requirement
@@ -75,9 +75,11 @@ files:
 - LICENSE
 - README.md
 - Rakefile
-- app/controllers/concerns/canvas_lti_third_party_cookies/safari_launch.rb
-- app/views/canvas_lti_third_party_cookies/full_window_launch.erb
-- app/views/canvas_lti_third_party_cookies/request_storage_access.erb
+- app/assets/javascripts/canvas_lti_third_party_cookies/relaunch_on_login.js
+- app/assets/stylesheets/canvas_lti_third_party_cookies/relaunch_on_login.css
+- app/controllers/concerns/canvas_lti_third_party_cookies/relaunch_on_login.rb
+- app/views/canvas_lti_third_party_cookies/_cookie_message.erb
+- app/views/canvas_lti_third_party_cookies/relaunch_on_login.erb
 - app/views/layouts/application.html.erb
 - lib/canvas_lti_third_party_cookies.rb
 - lib/canvas_lti_third_party_cookies/engine.rb

data/app/controllers/concerns/canvas_lti_third_party_cookies/safari_launch.rb DELETED Viewed

@@ -1,71 +0,0 @@
-require 'browser'
-module CanvasLtiThirdPartyCookies::SafariLaunch
-  extend ActiveSupport::Concern
-  # this needs to be called as a before_action on the route that launches the tool
-  # and the tool is required to pass some parameters to this method.
-  # the `launch_url` parameter is required, which should be the route
-  #   that launches the tool.
-  # the `launch_params` parameter is optional, and should contain
-  #   all needed query parameters that the tool requires to launch.
-  # the `launch_data` parameter is optional, and should contain
-  #   all needed form data that the tool requires to launch.
-  # example:
-  # include CanvasLtiThirdPartyCookies::SafariLaunch
-  # ...
-  # before_action -> {
-  #   handle_safari_launch(launch_url: action_url, launch_params: { foo: bar }, launch_data: { foo: baz })
-  # }
-  def handle_safari_launch(launch_url:, launch_params: {}, launch_data: {})
-    browser = Browser.new(request.headers["User-Agent"])
-    # detect both MacOS and iOS Safari
-    return unless browser.safari? || (browser.webkit? && browser.platform.ios?)
-    # Safari launch #4: Storage Access has been granted,
-    #   so launch the app normally. Note that this is not an actual LTI launch, but
-    #   just opaquely passing on the data from launch #3.
-    return if params[:storage_access_status].present?
-    # Safari launch #2: Full-window launch, solely for first-party user interaction.
-    #   During a full-window launch, Canvas provides a :platform_redirect_url that
-    #   will launch the tool again within an iframe in Canvas. (#3)
-    if params[:platform_redirect_url].present?
-      return render(
-        'canvas_lti_third_party_cookies/full_window_launch',
-        locals: { platform_redirect_url: params[:platform_redirect_url] }
-      )
-    end
-    # Safari launch #1: request Storage Access, then relaunch the tool. (#4)
-    #   If request fails, request a full window launch instead. (#2)
-    # Safari launch #3: Relaunched by Canvas after full-window launch,
-    #   request Storage Access and then relaunch the tool. (#4)
-    # Pass along any parameters provided by the tool that are needed to launch correctly,
-    # and tell the tool that it has Storage Access.
-    render(
-      'canvas_lti_third_party_cookies/request_storage_access',
-      locals: {
-        launch_url: launch_url,
-        relaunch_url: relaunch_url(launch_url, launch_params),
-        launch_data: launch_data.merge({ storage_access_status: "granted"})
-      }
-    )
-  end
-  # Safari launch #4 (described above) is actually an internal opaque redirect of launch #3
-  # and not a real Canvas LTI launch, so the id_token (and specifically the nonce inside)
-  # is exactly the same. Normally, ignoring the nonce is a Bad Idea since it can allow
-  # replay attacks, but for this specific situation (the request is an internal redirect)
-  # it's a sufficient hack.
-  def should_ignore_nonce?
-    params[:storage_access_status] == "granted" && URI.parse(request.referer).host == request.host
-  end
-  private
-  def relaunch_url(launch_url, launch_params)
-    return launch_url if launch_params.empty?
-    "#{launch_url}?#{launch_params.to_query}"
-  end
-end

data/app/views/canvas_lti_third_party_cookies/full_window_launch.erb DELETED Viewed

@@ -1,80 +0,0 @@
-<%= javascript_tag do -%>
-  document.addEventListener("DOMContentLoaded", () => {
-    document.getElementById("redirect").addEventListener("click", () => {
-      window.location.replace("<%= platform_redirect_url %>");
-    });
-  });
-<% end %>
-<style type="text/css">
-  .flex-container {
-    display: flex;
-    flex-direction: column;
-    height: 100%;
-    font-family: "Segoe UI", Frutiger, "Frutiger Linotype", "Dejavu Sans", "Helvetica Neue", Arial, sans-serif;
-    font-size: 1.1em;
-    padding: 0 75px 0 75px;
-  }
-  .flex-item {
-    margin-bottom: 10px;
-    text-align: center;
-  }
-  .first {
-    margin-top: 50px;
-  }
-  p {
-    margin: 0 0 0.5em 0;
-  }
-  button {
-    background: #008EE2;
-    color: #ffffff;
-    border: 1px solid;
-    border-color: #0079C1;
-    border-radius: 3px;
-    transition: background-color 0.2s ease-in-out;
-    display: inline-block;
-    position: relative;
-    padding: 8px 14px;
-    margin-bottom: 0;
-    font-size: 16px;
-    font-size: 1rem;
-    line-height: 20px;
-    text-align: center;
-    vertical-align: middle;
-    cursor: pointer;
-    text-decoration: none;
-    overflow: hidden;
-    text-shadow: none;
-    -webkit-user-select: none;
-    -moz-user-select: none;
-  }
-  #safari-logo {
-    width: 100px;
-    height: 100px;
-  }
-</style>
-<div class="flex-container">
-  <div class="flex-item first">
-    <img id="safari-logo" src="https://upload.wikimedia.org/wikipedia/commons/5/52/Safari_browser_logo.svg" alt="Safari Logo" />
-  </div>
-  <div class="flex-item">
-    <strong>It looks like you are using Safari.</strong>
-  </div>
-  <div class="flex-item">
-    <p>Occasionally, Safari requires you to launch this app outside of Canvas before logging in.</p>
-    <p>This setup is now complete, and Canvas can now relaunch this app.</p>
-    <p>In some cases, you may need to relaunch this app yourself.</p>
-  </div>
-  <div class="flex-item">
-     <button id="redirect">Relaunch App in Canvas</button>
-  </div>
-  <div>
-</div>

data/app/views/canvas_lti_third_party_cookies/request_storage_access.erb DELETED Viewed

@@ -1,115 +0,0 @@
-<%= javascript_tag do -%>
-  const requestStorageAccess = () => {
-    document
-      .requestStorageAccess()
-      .then(() => redirectToSetCookies())
-      .catch(() => requestFullWindowLaunch());
-  };
-  const requestFullWindowLaunch = () => {
-    window.parent.postMessage(
-      {
-        messageType: "requestFullWindowLaunch",
-        data: "<%= launch_url %>",
-      },
-      "*"
-    );
-  };
-  const redirectToSetCookies = () => {
-    const form = document.getElementById("relaunch");
-    form.submit();
-  };
-  document.addEventListener("DOMContentLoaded", () => {
-    document.getElementById("request").addEventListener("click", requestStorageAccess)
-    document
-      .hasStorageAccess()
-      .then((hasStorageAccess) => {
-        if (hasStorageAccess) {
-          redirectToSetCookies();
-        }
-      })
-      .catch((err) => console.error(err));
-  });
-<% end %>
-<style type="text/css">
-  .flex-container {
-    display: flex;
-    flex-direction: column;
-    height: 100%;
-    font-family: "Segoe UI", Frutiger, "Frutiger Linotype", "Dejavu Sans", "Helvetica Neue", Arial, sans-serif;
-    font-size: 1.1em;
-    padding: 0 75px 0 75px;
-  }
-  .flex-item {
-    margin-bottom: 10px;
-    text-align: center;
-  }
-  .first {
-    margin-top: 50px;
-  }
-  p {
-    margin: 0 0 0.5em 0;
-  }
-  button {
-    background: #008EE2;
-    color: #ffffff;
-    border: 1px solid;
-    border-color: #0079C1;
-    border-radius: 3px;
-    transition: background-color 0.2s ease-in-out;
-    display: inline-block;
-    position: relative;
-    padding: 8px 14px;
-    margin-bottom: 0;
-    font-size: 16px;
-    font-size: 1rem;
-    line-height: 20px;
-    text-align: center;
-    vertical-align: middle;
-    cursor: pointer;
-    text-decoration: none;
-    overflow: hidden;
-    text-shadow: none;
-    -webkit-user-select: none;
-    -moz-user-select: none;
-  }
-  #safari-logo {
-    width: 100px;
-    height: 100px;
-  }
-</style>
-<div class="flex-container">
-  <div class="flex-item first">
-    <img id="safari-logo" src="https://upload.wikimedia.org/wikipedia/commons/5/52/Safari_browser_logo.svg" alt="Safari Logo" />
-  </div>
-  <div class="flex-item">
-    <strong>It looks like you are using Safari.</strong>
-  </div>
-  <div class="flex-item">
-    <p>Safari requires your interaction with this app before logging you in.</p>
-    <p>A dialog may appear asking you to allow this app to use cookies while browsing Canvas.</p>
-    <p>For the best experience, click Allow.</p>
-    <p>A dialog may also appear asking you to navigate somewhere else.</p>
-    <p>If it does, save your work first and then click Leave Page.</p>
-  </div>
-  <div class="flex-item">
-    <button id="request">Continue to App</button>
-  </div>
-  <div>
-</div>
-<form id="relaunch" method="POST" action="<%= relaunch_url %>">
-  <% launch_data.each do |key, value| -%>
-    <%= hidden_field_tag key, value %>
-  <% end -%>
-</form>