-
Notifications
You must be signed in to change notification settings - Fork 38
Platform_storage
For cases where third-party cookies are blocked by a browser, a tool may be able to use a storage area made available within a frame owned by the platform. This involves a tool sending postMessages to the platform to obtain details of what capabilities it supports and to save and retrieve data values when processing an LTI 1.3 login initiation request.
The availability of this storage area is signified by a platform including a parameter named lti_storage_target
when making a login initiation request. This parameter is automatically added by the library when the name of the frame being used has been set before a message is signed or an incoming authentication is handled; for example:
$platform::$browserStorageFrame = '_parent';
The JavaScript for supporting the storage area can be included within the parent frame for an LTI launch as follows:
use ceLTIc\LTI\Platform;
...
echo '<script type="text/javascript">' . "\n";
echo Platform::getStorageJS();
echo '</script>' . "\n";
or include it in a separate JavaScript file:
echo '<script type="text/javascript" src="lti_storage.php">' . "\n";
and define the lti_storage.php
file as:
<?php
use ceLTIc\LTI\Platform;
require_once('vendor/autoload.php');
header('Content-Type: text/javascript; charset=UTF-8');
echo Platform::getStorageJS();
?>
or place the script within an iframe:
echo '<iframe name="lti_storage" src="lti_storage.php" width="0" height="0">' . "\n";
where the script at lti_storage.php
would look something like this:
<?php
use ceLTIc\LTI\Platform;
require_once('vendor/autoload.php');
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>LTI Storage</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<script type="text/javascript">
<?php echo Platform::getStorageJS(); ?>
</script>
</head>
<body>
</body>
</html>
and initialise the platform with the name given to the iframe; for example:
$platform::$browserStorageFrame = 'lti_storage';
The library will automatically seek to use the platform storage for tools, if available, when their cookies are being blocked. It will check for capabilities and use any frame defined by them when found, otherwise it will try to use the frame provided in the lti_storage_frame
parameter. If the frame is not found, then window.top
is also checked to support platform implementations of earlier versions of this specification. For similar reasons, postMessages are also sent using the subjects of org.imsglobal.lti.put_data
and org.imsglobal.lti.get_data
. By default, a tool will wait for 20 milliseconds for a response to a postMessage before it assumes that the message is not supported. This delay can be changed to 100 milliseconds, for example, as follows:
Tool::$postMessageTimeoutDelay = 100;
© 2022 Stephen P Vickers. All Rights Reserved.