Canvas (Integrations) - Testing for Same-Site Cookie Issues

In February 2020, the Google Chrome browser will change how it handles 3rd party or "same-site" cookies. UW Digital Learning Environment Project leaders will coordinate efforts by campus field administrators to test external applications within the DLE for compatibility with these browser changes. This document outlines how campus field administrators can contribute to the testing.
[Update 04/06/2020: Due to the COVID-19 outbreak, Google has announced that it will be "Temporarily Rolling Back SameSite Cookie Changes," until summer 2020. Campuses should continue to put pressure on 3rd party application vendors to resolve any same-site cookie issues, but this does buy some additional time.]

DLE campus field admins who wish to test any of the external applications in the DLE should go to the "Chrome 80 Review" spreadsheet [login required] in the DLE Community in Microsoft Teams and choose an application which hasn't been tested yet.

The field admin should then follow these steps, adapted from "Chrome's Changes Could Break Your App: Prepare for SameSite Cookie Updates":

1) Open Google Chrome 

2) Go to chrome://flags/

3) Enable #same-site-by-default-cookies and #cookies-without-same-site-must-be-secure

4) Click Relaunch to restart your browser.

5) Log into Canvas and navigate to the external application you'd like to test. Many campus Canvas admins have access to the zz.SysDev - External Tool Testing sub-account, which has tests of most external applications set up. 

6) Open Google Chrome's Developer Tools (Ctrl+Shift+J, or Menu > More tools > Developer Tools).

7) Navigate to the Console tab of the Developer Tools.

Google Chrome Developer Tools with the Console bar selected and an error message reading "A cookie associated with a cross-site resource at was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`."

8) Launch the external application and look in the developer tools Console to see if you can see an error message such as: "A cookie associated with a cross-site resource at [external application's URL] was set without the 'SameSite' attribute. It has been blocked" (see screenshot above).

9) Go back to the "Chrome 80 Review" spreadsheet [login required] and record the results of the test.

Chrome 80 Review spreadsheet listing testing results for external tools.

10) If testing reveals problems with the external application's settings for 3rd party cookies, contact the vendor to discover their plan for resolving the issue. Record the results in the "Vendor Contacted/Aware" column of the spreadsheet.
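
The rule that the two flags in step 3 enforce, and that produces the Console message in step 8, can also be checked directly against a tool's `Set-Cookie` response headers. The following is an added example, not part of the original document and not Chrome's own code: a simplified JavaScript model of whether a cookie would still be sent when the tool loads cross-site inside Canvas. The function names and sample headers are constructed for illustration.

```javascript
// Added example: simplified model of Chrome's cookie handling with both
// chrome://flags entries from step 3 enabled. Not Chrome's actual code.

// Parse only the parts of a Set-Cookie header that the two flags look at.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim().toLowerCase());
    if (key === "secure") cookie.secure = true;
    if (key === "samesite") cookie.sameSite = value;
  }
  return cookie;
}

// Would this cookie be sent when the tool loads in a cross-site iframe in Canvas?
function crossSiteVerdict(header) {
  const c = parseSetCookie(header);
  const recognized = ["none", "lax", "strict"].includes(c.sameSite);
  // #same-site-by-default-cookies: no (or unrecognized) SameSite is treated as Lax.
  if (!recognized) {
    return { name: c.name, sent: false, reason: "no valid SameSite attribute, treated as Lax" };
  }
  if (c.sameSite !== "none") {
    return { name: c.name, sent: false, reason: `SameSite=${c.sameSite} is withheld from cross-site subrequests` };
  }
  // #cookies-without-same-site-must-be-secure: SameSite=None requires Secure.
  if (!c.secure) {
    return { name: c.name, sent: false, reason: "SameSite=None without Secure is rejected" };
  }
  return { name: c.name, sent: true, reason: "SameSite=None; Secure" };
}

// Constructed sample headers (not captured from any real tool).
const sampleHeaders = [
  "tool_session=abc123; Path=/; HttpOnly",
  "tool_session=abc123; Path=/; SameSite=None",
  "tool_session=abc123; Path=/; Secure; HttpOnly; SameSite=None",
  "prefs=dark; SameSite=Lax; Secure",
];

// Return only the cookies a vendor would need to fix.
function findBlocked(headers) {
  return headers.map(crossSiteVerdict).filter((v) => !v.sent);
}

for (const v of sampleHeaders.map(crossSiteVerdict)) {
  console.log(`${v.sent ? "OK     " : "BLOCKED"} ${v.name}: ${v.reason}`);
}
```

The reasons returned for blocked cookies can be pasted into the vendor report described in step 10.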

Keywords: lms, browser, cookie
Doc ID: 97725
Owner: Jason Z.
Group: UWSA DLE
Created: 2020-02-06 15:55:43
Updated: 2020-04-06 09:43:02
Sites: UW System Administration DLE