ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
canvas-lms/lib/canvadocs
History
Jen Smith 8bf563ae4d ask DocViewer to return a session token with a JTI claim 
If feature flag 'enhanced_docviewer_url_security'
(Enhanced DocViewer URL Security) is on, when requesting
DocViewer to create a token for the view url, pass a
parameter that tells DocViewer to create a single use
launch token with a JTI claim (nonce). This JTI claim is
used by DocViewer to prevent reuse of the launch url.

closes CAS-1510

flag = enhanced_docviewer_url_security

Test Plan:
  Tests pass

Change-Id: Idb0d7b0af0ddf457261e000e174449bec028b683
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/329045
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Alex Slaughter <aslaughter@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Juan Leyva <juan.leyva@instructure.com>
Product-Review: Juan Leyva <juan.leyva@instructure.com>
 		2023-10-04 17:38:37 +00:00
..
session.rb ask DocViewer to return a session token with a JTI claim 2023-10-04 17:38:37 +00:00