Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"Ltiaas mode" Documentation Clarification? #165

Open
scalebig opened this issue Oct 10, 2022 · 1 comment
Open

"Ltiaas mode" Documentation Clarification? #165

scalebig opened this issue Oct 10, 2022 · 1 comment
Assignees
Labels
bug Something isn't working

Comments

@scalebig
Copy link

scalebig commented Oct 10, 2022

Describe the bug
We just need clarification on Ltiaas mode. Safari on iOS by default locks down third party cookies. It causes a bunch grief for our Canvas users using iPads (coming in from many different universities)

Our system has the following settings for prod:

          cookies:
            secure: true
            sameSite: None
          devMode: false               

However if we set Ltiaas to true will that eliminate the need for the cookies? Seems like that should be the default if its using ltik as the key for the store. Asking another way, whats the cookie use case vs no cookies?

Thanks in advance!

@scalebig scalebig added the bug Something isn't working label Oct 10, 2022
@Cvmcosta
Copy link
Owner

Hello @scalebig ltiaas mode is just to remove the cookie check when accessing routes created using ltijs. It does not affect the cookie used as part of the LTI launch handshake, the state cookie. The only way to disable the state cookie validation is by setting devMode to true, this, however, will make your ltijs server not fully compliant to the LTI spec.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants