Closed max-102 closed 2 years ago
max-102
commented
2 years ago Maybe this comes from the following point in the Firefox release notes?
“Firefox will now default all cookies to having a SameSite=lax attribute which helps defend against Cross-Site Request Forgery (CSRF) attacks.”
rschrenk
commented
2 years ago Hi @max-102
you were absolutely right. This issue had to do with the SameSite=lax default setting. Making this cookie SameSite=None by default would require a Moodle Core hack and would make Moodle to open to certain vulnerabilities. Therefore, I made a workaround that modifies the cookie to have SameSite=None as long as the iframe is used. As soon as the meeting URL was caught and the iframe closes, also the cookie is automatically set back to SameSite=lax by Moodle.
Please try the latest code from the master branch and tell me, if the solved the issue for you too. As soon as I receive your feedback, I will publish a new release on moodle.org
Kind regards
Robert
max-102
commented
2 years ago This solved the problem. Thanks!
rschrenk
commented
2 years ago Great, new release is out.
Like already mentioned from another user at https://moodle.org/plugins/mod_msteams there is a problem with creating a meeting in Firefox lately (tested with Firefox 96.0.1 on Windows 10 and Moodle 3.9.9).
When I try to create a meeting, I can login to my Microsoft account and get to the following screen:
But after clicking on “Erstellen” (create meeting) the URL is not added to the URL-field and it looks like this (in the iframe from creating the meeting, I see my Moodle login page):
When I try to go back to my course after this it also redirects me to my Moodle login page. It looks like my moodle session ends when creating the meeting.