We are having the same issue. Setup has been verified. Just spinning wheel at the Sketchup logo. This feels like an age restriction issue. I moved a test student under my staff OU and was able to run the program. But that cannot be the fix to this solution. If you need to whitelist our domain, please do so. clarkston.k12.mi.us
Hi again @arharrison, I can verify that you have been added to the database correctly and that everything is working on our end. I have a guess as to the issue but I can’t be sure without more information. Are you using Google or Microsoft to deploy the app?
I put the test user in an OU that allows developer tools and it looks like some things are being blocked by GoGuardian related to this: Content security policy | Articles | web.dev I do have the site opened in GoGuardian but am unsure what all I need to open that would allow this to work. Something must have changed recently because this app was working a couple of weeks ago.
Hi again @arharrison, thanks for the info. I just got word that we rolled out a fix that may help address the issue with SketchUp for Schools that you are having. It will require you to go through some additional steps though. Please follow the directions listed here: Google Update to App Review for Under 18 Users - How to make sure your apps are accessible
If that fixes it then we are all set but if it does not, please let me know and I’ll ask our expert for some additional advice.
Sketchup is not listed in the extra services area. So I am unable to take these steps. Did Sketchup do an update related to: Content Security Policy? It seems GoGuardian is blocking some style attributes (I think). Do you have a white list of everything that needs to be open for your app to work? Again, something changed a couple of weeks ago, but I don’t know if it was on your side or GoGuardian’s side.
- The Content Security Policy (CSP) prevents cross-site scripting attacks by blocking inline execution of scripts and style sheets.
To solve this, move all inline scripts (e.g. onclick=[JS code]) and styles into external files.
Allowing inline execution comes at the risk of script injection via injection of HTML script elements. If you absolutely must, you can allow inline script and styles by:
- adding
unsafe-inlineas a source to the CSP header - adding the hash or nonce of the inline script to your CSP header.
Affected Resources
40 directives
The 40 Directives are just saying:
style-src-attr blocked.goguardian.com/:235
style-src-attr blocked.goguardian.com/:236
etc.
Here is what I found. While in developer mode, I saw that the program was trying to run a style sheet or script or something that was going to a url with “apiproxy…”. In GoGuardian, one of their recommended blocks is to block *proxy to prevent students from getting to some proxy sites. I removed this block in GoGuardian which solved some of the errors. There was another error about scripting so I checked GoGuardian to see what I was blocking there. At some point, we blocked script.google.com (for reasons that escape me now). I removed this from the block list in GoGuardian and now I am able to access the site.
1 Like
This is great work, @arharrison - this worked for us as well!!