blocked 3rd party cookies
I use Kaltura to record lectures and post them to my course at the U of Utah on Canvas. This semester, Firefox will not allow me to open "my media" where the Kaltura recordings are posted on Canvas. I get the following message: It seems your browser is blocking 3rd party session cookies which are required for the Kaltura application. To resolve this issue, please update your settings to allow 3rd party cookies.
I copied the Kaltura web address 670542.kaf.kaltura.com that I can see in Chrome and pasted it into a Chrome browser and it goes to my recordings in Canvas when I use Chrome. The same site doesn't work in Firefox. How do I unblock Kaltura third party sessions? Thank you.
Bob McKnight U of Utah Instructor
Chosen solution
I followed every instruction for enabling 3rd party instructions about 5 dozen times (only a slight exaggeration) and despite 3rd party cookies being enabled or having NOTHING blocked Kaltura still wouldn't load on my school's canvas interface.
Going to about:config and changing network.cookie.sameSite.laxByDefault (a setting mentioned by jscher2000 above, though his suggestion to try to figure out the hosts is seemingly impossible) to false fixed the issue.
I don't know what is going on behind the scenes but none of the recommendations literally anywhere about enabling 3rd party cookies or turning off enhanced tracking protection fixed it. It's apparently a deeper issue than that if we're having to go into about:config to fix it.
This is going to cause a lot of students and professors an immense amount of frustration. I know it caused me at least an hour of torture.
Read this answer in context 👍 3All Replies (20)
Hi Bob, I'm not sure exactly how the site works, but one thing you could check is your Tracking Protection level. If it you have it set on "Strict", try changing it back to "Standard" and see whether that makes any difference.
More info: Enhanced Tracking Protection in Firefox for desktop
The tracking protection level was and is on standard, and the problem still exists. The problem just happened this semester. Did Firefox do an update over the holidays that caused this change?
Firefox did an update yesterday. Is the problem new in Firefox 96, or did you have it earlier?
There is a new restriction on cookie sharing related to mixing HTTPS and HTTP addresses. It shouldn't affect sites that have been updated in recent years, but could affect older sites.
The problem of blocking Kaltura just happened yesterday.
It could be related to the following change, but I don't know how to work around it (this is information for site admins):
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/96#http
I don't have a site to test with, so maybe you can help me with this.
The developers included an option to make site exceptions to that change. Here's how:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.
(2) In the search box in the page, type or paste laxByDefault and pause while the list is filtered
Firefox should display a general policy and a preference to store exceptions:
- network.cookie.sameSite.laxByDefault
- network.cookie.sameSite.laxByDefault.disabledHosts
(3) Double-click the network.cookie.sameSite.laxByDefault.disabledHosts preference to display an editing field, and enter the host names of the two servers, separated by a comma, then press Enter or click the blue check mark button to save the change.
As an example, let's say the problem was between https://auth.example.com/path/page and https://www.example.org/path/page.
In the preference, you would enter auth.example.com,www.example.org as your hosts that are exempt from the policy.
Any difference on the next visit?
Sorry but I don't know the names of the servers that you are talking about in the part of your message that I pasted below.
enter the host names of the two servers, separated by a comma, then press Enter or click the blue check mark button to save the change.
Check what appears in the address bar on the sites involved in this problem. One of them might be the one in your original question.
Chosen Solution
I followed every instruction for enabling 3rd party instructions about 5 dozen times (only a slight exaggeration) and despite 3rd party cookies being enabled or having NOTHING blocked Kaltura still wouldn't load on my school's canvas interface.
Going to about:config and changing network.cookie.sameSite.laxByDefault (a setting mentioned by jscher2000 above, though his suggestion to try to figure out the hosts is seemingly impossible) to false fixed the issue.
I don't know what is going on behind the scenes but none of the recommendations literally anywhere about enabling 3rd party cookies or turning off enhanced tracking protection fixed it. It's apparently a deeper issue than that if we're having to go into about:config to fix it.
This is going to cause a lot of students and professors an immense amount of frustration. I know it caused me at least an hour of torture.
Dee said
Going to about:config and changing network.cookie.sameSite.laxByDefault (a setting mentioned by jscher2000 above, though his suggestion to try to figure out the hosts is seemingly impossible) to false fixed the issue.
Thank you for verifying that. Firefox 96 catches up to Chrome (as of version 80) and Edge (as of version 86) in treating cookies that are not set with the samesite attribute to "Lax" by default (Developer Documentation). If this problem does not occur in Chrome and Edge, hmm, I wonder why not.
I wonder whether the different behavior in Firefox could be caused by lingering older cookies? Hard to test now, but if you want to try it, restore laxByDefault to true and then test in a private window (which should not re-use any of the cookies set in regular windows).
There were no cookies remaining and no cache for about 40 minutes of my attempts, so I doubt that could have been possible. As you said, though, it's hard to test at this point.
Another university instructor here, desperately hoping there is a quick fix implemented for this. Right now my only working solution is to use Edge for anything where I need Kaltura media in Canvas. I have the issue both on my Windows 10 pc as well as using Firefox on my iPhone. I may try the config fix suggested above, but I'm sure students won't.
ETA: I tried both the original format as suggested for the modification of laxByDefault (entered the host names.... I think??) and also tried the approach of setting it to "false". Neither fixed the error for me.
Modified
I am having the same problem only with my bank site.. it was working fine before the update on the 12th...
I did what DEE did:
"Going to about:config and changing network.cookie.sameSite.laxByDefault (a setting mentioned by jscher2000 above, though his suggestion to try to figure out the hosts is seemingly impossible) to false fixed the issue. "
I couldn't figure out the host names but changed that to false and it worked...
My question now is what have I done ... what happens to other sites by doing this? am I opening up another can of worms somewhere?
Why cant mozella fix this?
To summarize:
Firefox 96 made three changes related to cookies:
(1) If the server does not specify the SameSite setting for its cookies, Firefox changed from treating it as SameSite=None (allow serving as a third party cookie) to SameSite=Lax (partially restricts serving as a third party cookie).
This seems to be the one that affects Canvas/Kaltura. However, it turns out to be difficult to find the relevant host names so that you can set an exception for those sites.
It also seems to affect iCloud two-factor authentication. See: https://support.mozilla.org/questions/1364242
(2) If the cookie was set on an HTTPS page, it is not automatically passed to HTTP pages on the same server. In other words, SameSite consider the protocol (scheme) as well as the host name. This is a problem for older sites that use HTTP for most pages but do the login over HTTPS. Example: https://www.reddit.com/r/firefox/comments/s3iych/south_korea_cant_sign_in_to_some_websites_after/
(3) If the server specifies that third party cookies are okay by setting SameSite=None, this is only honored for HTTPS pages, not HTTP pages. I don't know whether this is causing problems on any sites.
For readers in this thread, the temporary workaround is to roll back change #1. Here is how:
(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.
(B) In the search box in the page, type or paste laxByDefault and pause while the list is filtered
(C) Double-click the network.cookie.sameSite.laxByDefault preference to switch the value from true to false
I don't know whether that takes effect immediately or whether you need to quit Firefox and start it up again.
Hopefully we will get a better understanding of how to set exceptions in the future so you can benefit from this change while using other sites.
jscher2000 said
... For readers in this thread, the temporary workaround is to roll back change #1. Here is how:...
I was hopeful but have tried this (including restarting my computer entirely) and it did not fix the issue. Hoping that there is some fix deployed asap.
You can also try to create a cookie allow exception for involved domains.
Don't break your fucking browser. I don't want to start over with a new browser, but I will if you keep breaking third party cookies! No, I'm not going to try your lame work arounds. You broke it, you fix it.
I'm an instructor at UNH with the identical problem, tried everything and nothing worked, wasted an afternoon on it. I started using Edge as my browser last night and it works fine. I'll be happy to go back to Firefox when the problem is fixed.
John
PhD student currently taking 4 classes and teaching 1 - all use canvas and kaltura to some extent and I'm anticipating that to ramp up with the current covid rates forcing a lot of courses online, even if temporarily.
Firefox has always been my browser of choice for school work, and everything was working fine until I installed the updates this morning. I tried the basic fixes, then came here for insight and I am very glad I did because I surely saved myself a ton of headache based on this and other threads.
I have neither the time, nor the confidence in my computer abilities to mess around with this and potentially cause more issues than I am currently dealing with, so it looks like I will be switching up my browser and advising my students to do the same. I hope this is fixed soon, before I am too settled into a new routine so I can continue using Firefox as I have for years.
Jodi
IU School of Public Health, Bloomington
Hi John and Jodi, thank you for your feedback.
This change was intended to match Chrome and Edge, but obviously there is some subtlety that was overlooked in how Canvas and Kaltura exchange data.
If you wouldn't mind doing the experiment, here is how to roll back the "lax by default" change to how it worked in Firefox 95:
(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
More info on about:config: Configuration Editor for Firefox. The moderators would like us to remind you that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.
(B) In the search box in the page, type or paste laxByDefault and pause while the list is filtered
Firefox should list two matching preferences:
- network.cookie.sameSite.laxByDefault
- network.cookie.sameSite.laxByDefault.disabledHosts
(C) Double-click the network.cookie.sameSite.laxByDefault preference to switch the value from true to false
I don't know whether that takes effect immediately or whether you need to quit Firefox and start it up again.
Hopefully we will get a better understanding of how to set exceptions in the future (that second preference) so you can benefit from this change while using other sites.