fix: make lti launch succeed even if cross-site cookies are blocked.

docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   mongo:
-    image: mongo:6
+    image: mongo:6 # Match major version on Uberspace
     ports:
       - 27017:27017
   mariadb:

package.json

@@ -40,7 +40,7 @@
     "jsonwebtoken": "9.0.2",
     "jwt-decode": "4.0.0",
     "lodash": "^4.17.21",
-    "ltijs": "^5.9.5",
+    "ltijs": "^5.9.6",
     "mongodb": "5.1.0",
     "mysql2": "^3.11.5",
     "openai": "^4.77.0",

src/backend/index.ts

@@ -48,9 +48,14 @@ const setup = async () => {
       dynRegRoute: '/lti/register',
       staticPath: path.join(__dirname, './../../dist/frontend'), // Path to static files
       cookies: {
-        secure: config.ENVIRONMENT === 'local' ? false : true, // Set secure to true if the testing platform is in a different domain and https is being used
+        secure: config.ENVIRONMENT !== 'local', // Set secure to true if the testing platform is in a different domain and https is being used
         sameSite: config.ENVIRONMENT === 'local' ? '' : 'None', // Set sameSite to 'None' if the testing platform is in a different domain and https is being used
       },
+      // Disables cookie verification. Temporary hack to make it work if third-party cookies are blocked. Later, use newer ltijs version that should solve this without requiring devMode.
+      devMode:
+        config.ENVIRONMENT === 'local' ||
+        config.ENVIRONMENT === 'development' ||
+        config.ENVIRONMENT === 'staging',
     }
   )
 

yarn.lock

@@ -8596,6 +8596,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"get-value@npm:^3.0.1":
+  version: 3.0.1
+  resolution: "get-value@npm:3.0.1"
+  dependencies:
+    isobject: "npm:^3.0.1"
+  checksum: 10/3ba777d33448181d8b6c21ce11f31194257119d32dbd632b27db6e3f27fe78100405b4dd93137eea9f4aa2d0a9c623b13747d728d472a7ca6cb93046c3f521a1
+  languageName: node
+  linkType: hard
+
 "git-hooks-list@npm:^3.0.0":
   version: 3.1.0
   resolution: "git-hooks-list@npm:3.1.0"
@@ -10710,9 +10719,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"ltijs@npm:^5.9.5":
-  version: 5.9.5
-  resolution: "ltijs@npm:5.9.5"
+"ltijs@npm:^5.9.6":
+  version: 5.9.6
+  resolution: "ltijs@npm:5.9.6"
   dependencies:
     "@babel/runtime": "npm:^7.24.4"
     body-parser: "npm:^1.20.2"
@@ -10724,10 +10733,11 @@ __metadata:
     got: "npm:^11.8.2"
     helmet: "npm:^6.0.1"
     jsonwebtoken: "npm:^9.0.2"
-    mongoose: "npm:^7.6.10"
+    mongoose: "npm:^7.8.3"
     parse-link-header: "npm:^2.0.0"
     rasha: "npm:^1.2.5"
-  checksum: 10/1ffdcca8ee185519e27710ad422c573c8d5767b523c2ca7a0aed967487134859f06a19d9646ffc00a187d811cd72fd69efd427d353118e8ff8b81a1a603960fe
+    sprightly: "npm:^2.0.1"
+  checksum: 10/83f10bd38cc2b2ba22c7387ef55ad97590fa889804c93cc7627870b75ac81d49dc877c9ade3a4c73d2028f96ae8600f2fec3e44e42aa34e5879827aa62013bbc
   languageName: node
   linkType: hard
 
@@ -11458,9 +11468,9 @@ __metadata:
   languageName: node
   linkType: hard
 
-"mongoose@npm:^7.6.10":
-  version: 7.8.3
-  resolution: "mongoose@npm:7.8.3"
+"mongoose@npm:^7.8.3":
+  version: 7.8.6
+  resolution: "mongoose@npm:7.8.6"
   dependencies:
     bson: "npm:^5.5.0"
     kareem: "npm:2.5.1"
@@ -11469,7 +11479,7 @@ __metadata:
     mquery: "npm:5.0.0"
     ms: "npm:2.1.3"
     sift: "npm:16.0.1"
-  checksum: 10/1c70bbea8b3e7ca87097dc6f3cb808ffd34e18057e877430a0012eaecbe21d46054a65cc69215fecff3a2fb35e6a6e43ff36829825155b06ab0a424cbedfeafd
+  checksum: 10/fb2d5b693cec77b43e610fc3aff35b5154648d30d681a9d623840c2df1c285c227d961bef51a2f3f873efaccdf6ff16359fe9fc0f6dd3008ce687753313e95d7
   languageName: node
   linkType: hard
 
@@ -13735,7 +13745,7 @@ __metadata:
     jwks-rsa: "npm:^3.1.0"
     jwt-decode: "npm:4.0.0"
     lodash: "npm:^4.17.21"
-    ltijs: "npm:^5.9.5"
+    ltijs: "npm:^5.9.6"
     mongodb: "npm:5.1.0"
     multer: "npm:^1.4.5-lts.1"
     mysql2: "npm:^3.11.5"
@@ -14119,6 +14129,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"sprightly@npm:^2.0.1":
+  version: 2.0.1
+  resolution: "sprightly@npm:2.0.1"
+  dependencies:
+    get-value: "npm:^3.0.1"
+  checksum: 10/50b77101979df58496e1c7b14c75add3cd56c6beffa35c622188144ebadec02fa52a4f25b37226b5e82fd58aa2979feeaacedcc52cc20055eaa928cc4fb6b4c7
+  languageName: node
+  linkType: hard
+
 "sprintf-js@npm:1.1.1":
   version: 1.1.1
   resolution: "sprintf-js@npm:1.1.1"