Plans for the support of browsers disabling third-party cookies #213
Comments
|
One thing that might help is if a |
|
Re CHIPS - This is a good idea should be investigated. Note too you can file app exception request with Chrome (see 3rd party cookie chrome dev page for details) to get more time if your non-advertising app is impacted by these changes.
Rod
…--
Rodney Tamblyn
Co- Founder & CEO | OceanBrowser Ltd
+64 34742102 | @ocnb3
https://nz.linkedin.com/in/rodneytamblyn
Beautiful study for lifelong learning
http://www.ob3.io
On Mon, Feb 19, 2024, at 2:02 PM, deckeraa wrote:
One thing that might help is if a `partitioned` value could be set on the `cookie` options object that gets sent into `Provider.js`. That way the state cookie could use CHIPS <https://developer.mozilla.org/en-US/docs/Web/Privacy/Partitioned_cookies>
—
Reply to this email directly, view it on GitHub <#213 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAL5STCJC3WOPNX5HFOY2OTYUKQBTAVCNFSM6AAAAABBJ4K5KKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNJRGUZDIOBZG4>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
|
|
It appears that this expressjs issue will need to be resolved before partitioned cookies can be supported in |
|
@Cvmcosta Is there any update on this? Is there any plan to implement the postMessage in ltijs? |
|
@deckeraa @Cvmcosta I notice you just dropped a new release of ltijs with a bump in the dependencies. I'm not sure if you are aware that Express 4.19.2 now uses Cooke 0.6.0, and Cooke 0.6.0 has added a partitioned option. https://www.npmjs.com/package/cookie/v/0.6.0 So this seems everything is in place to make all of ltijs's cookies partitioned. As far as I can tell, the only thing missing is a private property under cookieOptions in ltijs and an if statement to make sure the property is passed along. But you know the code better than me, so there may be another issue. I just wanted to check. |
|
@nandita121189 @deckeraa @Jim-Bar @rodneytamblyn Me and another collaborator are working on implementing cookieless login for LTIJS. Initially by using local storage and then using 1EdTech's new post-message-based protocol. @virtualarkansas I will look into adding support for express' partitioned cookies, thanks for bringing this into my attention. CLosing this for fow. |
But the LTI specification relies on third-party cookies for launching activities embedded in LMS platforms, and for deep linking activities (as far as I know, maybe other services are affected). Consequently the Ltijs implementation relies on them too. In its current state, issues with Ltijs (e.g. #180) are going to pop up more and more.
The problem is with the current LTI specification but 1EdTech is aware of this and is working on extending LTI for getting rid of the need of third-party cookies. Three new specification drafts are available, replacing the use of third-party cookies by
postMessage:Although those are still works in progress, due to the browsers going away from third-party cookies this year and the absence of other viable solutions, those are going to become the de facto standard implementation for LTI.
I would like to know what is the position of Ltijs on this topic?
The text was updated successfully, but these errors were encountered: