Disclaimer: This news item was originally posted on Thursday, Feb 6, 2020. Its content may no longer be timely or accurate.

Canvas (Integrations) - Chrome 80 and Same-Site Cookies [Updated]

Posted: 15:16:11, Thursday, Feb 6, 2020   Expiration: 15:16:11, Tuesday, Apr 14, 2020  

In February 2020, the Google Chrome browser will change how it handles 3rd party or "same-site" cookies. This will change the way that some external applications (integrations) display secure content in Canvas. If an external tool is not designed to accommodate this change, Google Chrome users could see error messages instead of the external content or tool that they expect to see. [Update 04/06/2020: Due to the COVID-19 outbreak, Google has announced that it will be "Temporarily Rolling Back SameSite Cookie Changes," until summer 2020. Campuses should continue to put pressure on 3rd party application vendors to resolve any same-site cookie issues, but this does buy some additional time.]

For Google's April announcement of the temporary roll-back, see: Temporarily Rolling Back SameSite Cookie Changes.

For background on 3rd party cookies, see Same Site cookies explained.

Local solutions for this issue are not feasible. If an external application isn't designed in a way that complies with Google Chrome's new rules about 3rd party cookies, the only solution is for the application's vendor to update its code.

Vendors of the following products have released statements regarding their efforts around this issue:

  • Canvas: SameSite Cookies and Canvas - "tools that utilize cookies and integrate with Canvas will need to add SameSite=None and Secure attributes to their cookies to maintain current behavior."
  • [updated] Blackboard Collaborate Ultra: Blackboard support says: "Typically, if there was an issue, then an article would be posted to reflect this. But since there are no issues with Chrome 80, there wasn't one. I will see if we can update the system requirements page to note the concerns towards the Google Chrome 80 and Same-Site Cookies, and that we have not seen any problems arise."
  • Kaltura: MediaSpace and Kaltura Application Framework (KAF) Release Notes - KMS Version 5.96.26 - January 14, 2020 - "Chrome version 80... will introduce changes around the default 'SameSite' cookies policy.... In this version, Kaltura has configured all Kaltura products to function properly with this update."
  • Office 365: Effect on customer websites and Microsoft services and products in Chrome version 80 or later - "Microsoft is committed to addressing this change in behavior in its products and services before the Chrome 80 release date.... However, it's equally important that you test your own applications against this change in Chrome behavior and prepare your own websites and web applications as necessary."
DLE Project leaders will coordinate efforts by campus field administrators to test the external applications approved for the DLE. If you are a campus Canvas field administrator, see Canvas (Integrations) - Testing for Same-Site Cookie Issues for information on how you can test the external applications used by your campus.

-- UWSA DLE: Thomas Arendalkowski

Created: 16:38:46, Wednesday, Feb 5, 2020 (by Thomas A.)
Updated: 09:46:08, Monday, Apr 6, 2020 (by Thomas A.)