Hello, I am building an LTI 1.3 integration. I have everything registered in my AWS AMI based on bitnami-canvaslms-2022.4.27-212-0-linux-debian-10-x86_64-hvm-ebs-nami-752b37a4-d309-4bda-b662-6bc16b5eaf49. When I click the link to my application, it never loads. In my application I see the OIDC login, but it never loads the launch. I am using pylti1p3 and Flask with Python 3.9.2.

What I see in the javascript console is:

Mixed Content: The page at 'https://3.235.21.25/courses/1/assignments' was loaded over HTTPS, but requested an insecure frame 'http://canvas.test/api/lti/authorize_redirect?scope=openid&response_type=id_token&response_mode=form_post&prompt=none&client_id=10000000000002&redirect_uri=https%3A%2F%2Fbox-lti.herokuapp.com%2Flaunch%2F&state=state-a5a2b71f-d9ec-4b2a-ab14-64d320d6ef17&nonce=a0722c6503e14f3d9c5cebfe5baa857feb761b7cf40011eca80dda7f7cbc7b0c&login_hint=c822a4f6c58d1a4b31c66d3903d634dd75556570&lti_message_hint=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXJpZmllciI6IjE2MjA1MjliYWMzOTBjZTMyZjA2NDJlMWQ0YTQ5MGQ0MzRkZDk1ZWU4ZTNkOWIzZTQyZWRiZWUxN2MyOTczZmIyM2IxNTEyNjU2ZjExODQ3YzE5ZDE5N2YwM2U3MGE0MzE1ZDBkMTcwN2Y0Yzg3NDVjMGZkNzAyZTQ0N2NmMGZiIiwiY2FudmFzX2RvbWFpbiI6IjMuMjM1LjIxLjI1IiwiY29udGV4dF90eXBlIjoiQ291cnNlIiwiY29udGV4dF9pZCI6MTAwMDAwMDAwMDAwMDEsImNhbnZhc19sb2NhbGUiOiJlbiIsImV4cCI6MTY1NjEwNDgyN30.AZ7yGSLTaj1TQEBXsCYgP15_ot9kL93mM6WnrfXK2ag'. This request has been blocked; the content must be served over HTTPS.

It points to the following code:

        function checkCookiesAllowed() {
            var cookie = "lti1p3_test_cookie=1; path=/";
            if (siteProtocol === 'https') {
                cookie = cookie + '; SameSite=None; secure';
            }
            document.cookie = cookie;
            var res = document.cookie.indexOf("lti1p3_test_cookie") !== -1;
            if (res) {
                // remove test cookie and reload page
                document.cookie = "lti1p3_test_cookie=1; expires=Thu, 01-Jan-1970 00:00:01 GMT";
                displayLoadingBlock();
                window.location.href = getUpdatedUrl();
            } else {
                displayWarningBlock();
            }
        }

Specifically on the line: window.location.href = getUpdatedUrl();

I'm not quite sure where canvas.test is coming from. It does load just fine in other LMS sandboxes, but I'm new to Canvas, so I'm definitely aware that I'm probably missing something dumb. LOL Please let me know if there is additional information I can provide.

I couldn't find any mention of this elsewhere, so I greatly appreciate any guidance.

Thanks in advance!