Engineers are currently investigating the issue.
Description
When the Content Security Policy is enabled, some Instructure owned LTI Apps are failing to embed content properly.
Expected Behavior
Content is visible.
Workaround
No workaround exists at this time.
Steps to Reproduce
-
Enable the YouTube LTI tool (Settings > Apps > Search for Youtube > Add App)
-
Go to Settings > Feature Options > Enable the Content Security Policy feature option
-
In Settings, go to the Security tab and enable the Content Security Policy
-
In any course, go to Pages > add a page with a youtube video > Launch youtube from the text editor > select content and embed it (I search “LTI”) - notice that the video does not show in the text editor
-
Save the page
Result: Embedded content doesn’t load, the error “content on this page violates the security policy, contact your admin for assistance” appears
Additional Info
INTEROP-9085
Known issues indicate notable behaviors that have been escalated to the Canvas engineering team. Known issues are not a guarantee for an immediate resolution. This document is for informational purposes only and does not replace the Support process. If you are encountering the behavior outlined in this document, please ensure you have submitted a Support case (per your institution's escalation process) so Canvas Support can adequately gauge the overall customer impact and prioritize appropriately.
