Table of Contents |
---|
...
Lessons management of HTML pages
By default, Lessons uses Content Security Policy headers to restrict what an HTML page can do, when the page is loaded from Sakai.
This is a security tradeoff. There are security risks from opening a web page written by someone else. That page can contain Javascript, which will execute with your own permissions. For this reason, by default Sakai will not open web pages in Resources. If you click on an HTML file there, it will download. We considered this inaccessible for Lessons, since the whole point of Lessons is to present content online. But we still had to deal with the security problem. So the page is served with an HTTP header that causes browsers to open the page in a “sandbox.” This restricts what the page can do.
This is new in 11. In Sakai 10, Lessons would simply open any HTML page specified.
You can restore the Sakai 10 behavior by adding the following to sakai.properties:
lessonbuilder.use-csp-headers=false
The recommended approach for dealing with this security risk is to use Sakai’s content domain support. This causes HTML pages stored in resources to be served from a different hostname than the main Sakai hostname. E.g. if your institution uses sakai.univ.edu, you might use content.sakai.univ.edu for content, resulting in URL such as https://content.sakai.univ.edu/access/content/group …. Using a separate domain prevents web pages from executing with your Sakai privileges. Thus if you are using a separate content domain, Lessons does not add the Content Security Policy headers.
Note that it is up to the browser to enforce Content Security Policy. Safari, Chrome, and Edge do. Firefox does not. Thus Firefox users are still at risk when opening HTML pages in Lessons. I believe IE 10 and 11 also support it.
Dashboard not included
The Dashboard tool, new for Sakai 11, has not been included in the 11.0 release because too many technical issues existed and not enough person-power to address them in time for the release.
...
STEP (Samigo Test and Quizzes Enhancement Project) feature to allow different delivery settings for specific sections, groups, and individuals , did not make it into Sakai 11.0 due to issues with the Auto Submit feature and data storage and retrieval issues. We are hoping to have this go into a later 11.x maintenance release. Jira Legacy server SakaiSystem JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 66e9c5b597e0cfea-d22cfe72-30a2310f-a9d4a179-703f4354570c8363adfc350a key SAM-1408
A number of other features were delivered as a result of STEP for 11.0 including:
Jira Legacy server SakaiSystem JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 66e9c5b597e0cfea-d22cfe72-30a2310f-a9d4a179-703f4354570c8363adfc350a key SAM-1369
Jira Legacy server SakaiSystem JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 66e9c5b597e0cfea-d22cfe72-30a2310f-a9d4a179-703f4354570c8363adfc350a key SAM-1263
Jira Legacy server SakaiSystem JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId 66e9c5b597e0cfea-d22cfe72-30a2310f-a9d4a179-703f4354570c8363adfc350a key SAM-1596
Features on by default in Sakai 10, turned off by default in Sakai 11
Release | Tool/Service | Ticket | Notes | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
11.0 | Samigo Test and Quizzes |
| The Extended Matching Question type has been turned off by default. A number of issues have surfaced that need attention. See https://jira.sakaiproject.org/issues/?filter=15806 | ||||||||||
11.0 | Samigo Test and Quizzes |
| Assessment Templates are confusing. Once a Template is used, certain settings may be unavailable to the instructor. For this reason Assessment templates have been turned off by default. You can turn it on by setting samigo.showAssessmentTypes= true in sakai.properties. |
...
Release | Tool/Service | Ticket | Notes | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
11.0 | Site |
| # Allow a specific icon for sites. Should we allow sites to supply a specific icon for their site. | ||||||||||
11.0 | Calendar |
| # calendar.external.subscriptions.enable=false | ||||||||||
11.0 | Calendar |
| ical.opaqueurl.subscribe | ||||||||||
11.0 | Content |
|
Highly recommended settings to override default values
Release | Tool/Service | Ticket | Notes | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
11.0 | HikariCP |
| In Oracle 11c, the default maximum number of database connections in the connection pool may be too low for a production server. This setting and others for HikariCP can be configured in kernel/kernel-component/src/main/webapp/WEB-INF/db-components.xml, or overridden in sakai.properties in the form: maximumPoolSize@javax.sql.BaseDataSource=50 | ||||||||||
11.0 | Feedback tool |
| # ###################################### # SAK-29271 Feedback Tool Properties # ###################################### # Recipient address that will receive the contact emails # feedback.technicalAddress = someaddress@institution.org # Enable/Disable the content panel # DEFAULT: true # feedback.show.content.panel = false # Enable/Disable the help panel # DEFAULT: true # feedback.show.help.panel = false # Enable/Disable the technical panel # DEFAULT: true # feedback.show.technical.panel = false # Enable/Disable the suggestions panel # DEFAULT: true # feedback.show.suggestions.panel = false # Configure the help link destination (Sakai help by default) # feedback.helpPagesUrl = /portal/help/main # Configure the help link target # feedback.helpPagesTarget = _blank # Configure the helpdesk destination # feedback.helpdeskUrl = https://helpdesk.institution.org # Configure the suggestion link destination # feedback.featureSuggestionUrl = https://suggestions.institution.org # Add supplementary information at the right side of the tool # feedback.supplementaryInfo = Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum # Maximum size for the feedback attachments. This value should be lower than content.upload.max value, if it's higher the tool will use content.upload.max value # feedback.attach.max = 10 |
...
Release | Tool/Service | Ticket | Notes | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
11.0 | Assignments |
| The default number of decimal places for grading in Assignments is 2, expanded from 1. | ||||||||||
11.0 | Dropbox |
| New for 11. |
Sakai 11 skins using Morpheus
...