Qwickly LTI: Chrome 80 "SameSite" Updates and Tool Compatibility

NOTE: Qwickly has updated their Cookie Settings to be compatible with the Chrome 80 cookie requirements

Starting with Chrome 80, Google Chrome has updated how cookies are handled by the Chrome Browser. Cookies that do not specify a SameSite attribute will be treated as if they were SameSite=Lax, which means certain requests will get blocked from accessing cookies.

More information from Google can be found here: https://www.chromium.org/updates/same-site

How does this Affect Qwickly

Qwickly's LTI tools use cookies to maintain a persistent state for users who use our applications. The cookie that Qwickly sets is considered a Third Party Cookie when the LTI tools are loaded in an iframe inside of the LMS. This is because the domain that hosts this cookie (www.qwickly.tools) is different to the LMS domain from which our users access these tools.

Browsers have started blocking requests which try to access these Third Party Cookies if they haven't specifically stated that the cookie's "SameSite" attribute is set as "None". Qwickly's LTI tools currently do not set this Attribute, which is why users may start experiencing compatibility issues if they are opening the tool in an iframe inside of an LMS. (outdated)

As stated by Google, this change is being rolled out gradually across applications, so all users may not be facing this issue right away.

How do I Fix This Issue?

The best way to fix this issue would be to make sure you've configured Qwickly's LTI tools to open in a new window. When the tool has been configured to open in a new window, it ceases being a Third Party Application as it is not being opened within an LMS. Thus, Chrome's "SameSite" cookies issue will be resolved as our cookies will not be a "Third Party Cookie" and will not be blocked due to the "SameSite" attribute check.

Here are steps on how to update the tool to open in a new window on each supported LMS:

More Information

More Info on SameSite Cookies: https://web.dev/samesite-cookies-explained/

0 Comments

Please sign in to leave a comment.
Powered by Zendesk