AnsweredAssumed Answered

LTI and Observers - CSRF

Question asked by simon.sutcliffe on May 8, 2017
Latest reply on May 14, 2017 by Peter Love

Hi all,

 

First attempt was:

 

We're in the process of attempting to convert a number of custom java building blocks into LTI modules instead.  Does anyone know of a method of passing the current Observed user through via LTI?  As far as I can tell thus far there is no variable for that parameter.

 

Second attempt:

 

In reality I assume that's one of the options we're supposed to be able to pass through but every time I enable that option the request is blocked by:

 

org.directwebremoting.dwrp.Batch - A request has been denied as a potential CSRF attack.

 

Does anyone know how to get around that?

 

We're on Q4 2016 CU3 if that makes a difference.

 

Thanks

Simon

 

Message was edited by: Simon Sutcliffe

Outcomes