AnsweredAssumed Answered

LTI and Observers - CSRF

Question asked by simon.sutcliffe on May 8, 2017
Latest reply on May 14, 2017 by Peter Love

Hi all,


First attempt was:


We're in the process of attempting to convert a number of custom java building blocks into LTI modules instead.  Does anyone know of a method of passing the current Observed user through via LTI?  As far as I can tell thus far there is no variable for that parameter.


Second attempt:


In reality I assume that's one of the options we're supposed to be able to pass through but every time I enable that option the request is blocked by:


org.directwebremoting.dwrp.Batch - A request has been denied as a potential CSRF attack.


Does anyone know how to get around that?


We're on Q4 2016 CU3 if that makes a difference.





Message was edited by: Simon Sutcliffe