Content security policy issues when choosing the Google Drive option in the LMS app in Firefox 93

[mkdir-washington-edu]

Describe the bug When creating a new LMS assignment in Firefox and choosing the Google Drive option you get the error message “The API developer key is invalid.”

When accessing an already-created Google Drive assignment a user got the message "To protect your security, lms.hypothes.is will not allow Firefox to display the page if another site has embedded it. To see this page, you need to open it in a new window."

This only seems to occur in Firefox and I replicated it in Canvas and Blackboard. I could not find Firefox settings to fix this issue, and don't think they exist based on this article: https://support.mozilla.org/en-US/kb/xframe-neterror-page

To Reproduce Steps to reproduce the behavior:

1. In Firefox go to https://aunltd-test.blackboard.com/ultra/courses/_23_1/cl/outline
2. Launch either of the last two assignments (both say drive in the title)
3. Select the google drive option
4. Log into Drive if needed
5. See error

Expected behavior I would expect Firefox to behave like other browsers and load the Google picker and/or a Drive assignment.

Screenshots

Desktop (please complete the following information):

• OS: macOS Big Sur v 11.6
• Browser Firefox 93.0

Additional context Original Slack thread: https://hypothes-is.slack.com/archives/C2BLQDKHA/p1635250396056300

[mkdir-washington-edu]

An additional note: while I can replicate my own error above, I found an already-set-up GDrive assignment and can not replicate the user's error in Firefox.

[mkdir-washington-edu]

Matt is unable to replicate and I can fix by disabling certain extensions. Closing issue.

[mkdir-washington-edu]

When I'm looking this up in the future it's the Duck Duck Go Privacy Essentials extension that's the issue.