Course Import and data-api-endpoint issues?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I noticed some different behavior recently in canvas when an image or link to a file is imported from a course. I'm not sure when it started, but I know that it must be in the past few months because this was not the behavior that I have seen in the past.
Upon course import of content into the recipient course, the recipient course no longer rewrites the data-api-endpoint attribute of images or files, but the actual source of the file or image does get rewritten.
I haven't done enough testing to see if this is an issue or not, but I would imagine that if canvas looks at this data-api-endpoint attribute instead of the actual source, it could return images/files that aren't associated with the recipient course.
For example, the newly noticed behavior looks like the following code upon import (notice the data-api-endpoints do not match the source)
Example 1:
<div class="ds_ga"><iframe src="/courses/4130/files/3244108/download" width="100%" height="0" data-api-endpoint="https://abc123.instructure.com/api/v1/courses/4118/files/2984567" data-api-returntype="File"></iframe></div>
OR
Example 2:
<img style="margin: 15px auto; display: block; width: 100%; max-width: 100%; min-width: 100%;" src="/courses/4130/files/2974818/preview" alt="Poster" width="800" height="400" data-api-endpoint="https://abc123.instructure.com/api/v1/courses/2865/files/2589234" data-api-returntype="File" />
I would assume that the code should look like the following examples (notice the data-api-endpoints match the source)
Example 1:
<div class="ds_ga"><iframe src="/courses/4130/files/3244108/download" width="100%" height="0" data-api-endpoint="https://abc123.instructure.com/api/v1/courses/4130/files/3244108" data-api-returntype="File"></iframe></div>
OR
Example 2:
<img style="margin: 15px auto; display: block; width: 100%; max-width: 100%; min-width: 100%;" src="/courses/4130/files/2974818/preview" alt="Poster" width="800" height="400" data-api-endpoint="https://abc123.instructure.com/api/v1/courses/4130/files/2974818" data-api-returntype="File" />
Has anyone else noticed this behavior? Should I be concerned that my files and images aren't being correctly served to my students? Should I be concerned about any kind of external tool using the data-api-endpoint? Something tells me this has cascading implications.