Cookies Issue Blocking KAF Access on Firefox (from listserv)

cameronzimny
cameronzimny Dallas, TXFounder Posts: 32 ✭✭

~carrying this conversation over from the listserv for increased exposure~

Original post (Wed Jan 12 09:46:49 PST 2022)– "After updating Firefox (96) I'm now seeing "It seems your browser is blocking 3rd party session cookies<http://en.wikipedia.org/wiki/HTTP_cookie#Session_cookie> which are required for the Kaltura application. To resolve this issue, please update your settings to allow 3rd party cookies" for Kaltura integrated/embedded content in Canvas. I've added our domain as an exception (the shield with the slash), but the message/error remains."

Since then, six others have chimed in on the issue. OP has vanity domain setup; others with vanity domain setup are not experiencing the issue. I have reports of the issue and we do not have vanity domain.

From my chat with Customer Care about the issue: "Currently there is an issue with Firefox 96.0 blocking third party cookies..." [Case# 00387862]

From Firefox 96 release notes: "Firefox will now default all cookies to having a SameSite=lax attribute which helps defend against Cross-Site Request Forgery (CSRF) attacks."

Indeed if you look in the Firefox dev tools during a request to Media Gallery (that results in "enable cookies" error message) (no vanity domain here):

Because I also have two users reporting this issue using the latest version of Chrome (one on Windows, one on Mac), I wanted to compare what shows in Firefox for the request to what shows in Chrome.

The following is from a successful request (I have not been able to replicate the issue in Chrome thus far):

I do not have enough web dev knowledge (yet) to know if this is related, but one part of the latest Chrome release notes is "Chrome disables WebSQL in third-party contexts."

I'm hoping Kaltura will shed some additional light on this issue for us very, very soon. We started a new term this week and it irks me to not have "in the meantime" fix to provide students facing this issue.

Does anyone have additional insights on a fix? Or strategies for how to handle this with impacted users?

Thanks in advance.

Cameron Z.

Best Answer

  • Dani
    Dani Northern California USAKalturian Posts: 258 admin
    Accepted Answer

    Greetings here is the latest from Kaltura Support:

    Issue: Firefox version 96 causes 3rd Party Cookie error 

    This issue was investigated as a top priority by our Engineering team earlier today, and investigation confirmed that this issue was caused by the recent Firefox new version 96. The scenario appears after the embed code is shared and an end user clicks to use it, which prompts KMS to run a flow. This is where the bug is triggered by the new Firefox version. 

    The fix has been completed by our T3 Engineering team. The next steps are code review and QA. Currently we expect the fix to deploy on the next available deployment date of Sunday, January 23rd. 

     In the interim until the fix is released, the workarounds are:  

    a) instruct users to use a different browser  

    b) instruct users not to upgrade their Firefox browser  

    or  

    c) if users have already upgraded their Firefox browser, they can revert using the older versions in the link below: 

    https://support.mozilla.org/en-US/kb/install-older-version-firefox 

    The next update will be posted following the deploy on Sunday, January 23rd.  

    Thanks!

    Dani

    Senior Director, Community

    *Click on a positive reaction if my reply was helpful

Answers

  • Dani
    Dani Northern California USAKalturian Posts: 258 admin

    @cameronzimny thanks for bringing this over we will try to get some more eyes on this.

    Dani

    Senior Director, Community

    *Click on a positive reaction if my reply was helpful

  • dwoodland
    dwoodland USFounder Posts: 7

    are there any updates on this? Not seeing anything on the Kaltura status page

  • dwoodland
    dwoodland USFounder Posts: 7

    Any updates on this? Issue is still happening?

  • dwoodland
    dwoodland USFounder Posts: 7

    just noticed it said Jan 23rd