1

I have integrated the SCORM XBlock with edx-platform, but when I try to launch my SCORM course it gives me an error in the Chrome console.

```
scormfunctions.js:38 Uncaught DOMException: Blocked a frame with origin "https://s3.amazonaws.com" from accessing a cross-origin frame.
    at ScanForAPI (https://s3.amazonaws.com/dev-ironwood-edx-uploads/scorm/aea0be6310754d3aab1649c5282bbd29/c8d75aa6c54a807e870b6afd4dd9a817aacaccc3/shared/scormfunctions.js:38:16)
```

The exception I shared above is raised when a JavaScript function tries to access the window.variable of the parent window, and the browser blocks that access to prevent clickjacking attacks.

I have tried searching on Stack Overflow and other forums, but I am unable to find a solution. I have an idea that I will have to play with Content-Security-Policy. I will be grateful if anyone can help me by pointing out the header values.

Qasim Khokhar
  • [SecurityError: Blocked a frame with origin from accessing a cross-origin frame](https://stackoverflow.com/questions/25098021/securityerror-blocked-a-frame-with-origin-from-accessing-a-cross-origin-frame) – sideshowbarker Aug 21 '20 at 15:37
  • @sideshowbarker This will not work for me because I am talking about SCORM packages, and these packages are programmed to access the variable directly. I want a way through which I can permit my iframe to do so. – Qasim Khokhar Aug 21 '20 at 16:51
  • If postMessage can’t be used, then there is no other “way through”. It’s not possible to sidestep the restriction. – sideshowbarker Aug 21 '20 at 17:28
  • @QasimKhokhar Any solutions for this? – oma0256 Nov 12 '20 at 10:08

2 Answers

1

I had the same problem, so I used an nginx reverse proxy to resolve the CORS problems, as the respected @Tom advises. Settings for nginx:

```nginx
proxy_cache_path   /tmp/ levels=1:2 keys_zone=s3_cache:10m max_size=500m
                   inactive=60m use_temp_path=off;

server {
    listen       80 default_server;
    server_name  scorm.loc;             # change if needed
    charset      utf-8;
    root         /var/www/site/public;  # change if needed

    # max upload size
    client_max_body_size 75M;           # change if needed

    # Uncached pass-through to S3
    location /s3/ {
        proxy_http_version     1.1;
        proxy_set_header       Connection "";
        # An empty value means the client's Authorization header is not forwarded to S3
        proxy_set_header       Authorization '';
        proxy_set_header       Host s3-eu-west-1.amazonaws.com;  # change if needed
        proxy_hide_header      x-amz-id-2;
        proxy_hide_header      x-amz-request-id;
        proxy_hide_header      x-amz-meta-server-side-encryption;
        proxy_hide_header      x-amz-server-side-encryption;
        # Do not relay upstream cookies to the browser
        proxy_hide_header      Set-Cookie;
        proxy_ignore_headers   Set-Cookie;
        proxy_intercept_errors on;
        add_header             Cache-Control max-age=31536000;
        proxy_pass             http://s3-eu-west-1.amazonaws.com/;  # change if needed
    }

    # Same upstream as /s3/, but responses are stored in the s3_cache zone
    location /s3_cached/ {
        proxy_cache            s3_cache;
        proxy_http_version     1.1;
        proxy_set_header       Connection "";
        proxy_set_header       Authorization '';
        proxy_set_header       Host s3-eu-west-1.amazonaws.com;  # change if needed
        proxy_hide_header      x-amz-id-2;
        proxy_hide_header      x-amz-request-id;
        proxy_hide_header      x-amz-meta-server-side-encryption;
        proxy_hide_header      x-amz-server-side-encryption;
        proxy_hide_header      Set-Cookie;
        proxy_ignore_headers   Set-Cookie;
        proxy_cache_revalidate on;
        proxy_intercept_errors on;
        proxy_cache_use_stale  error timeout updating http_500 http_502 http_503 http_504;
        proxy_cache_lock       on;
        proxy_cache_valid      200 304 60m;
        add_header             Cache-Control max-age=31536000;
        # Exposes HIT/MISS/etc. so cache behaviour can be checked from the client
        add_header             X-Cache-Status $upstream_cache_status;
        proxy_pass             http://s3-eu-west-1.amazonaws.com/;  # change if needed
    }
}
```

All static files from the SCORM package stored on S3 will be available on your domain at scorm.loc/s3/your_path/your_filename.
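Why the `/s3/` proxy path clears the error, as an added example that is not part of the answer above or of the SCORM package: it models the same-origin check that the package's parent-window API scan runs into, then repeats the scan with the content URL rewritten to the LMS origin. `makeFrame`, `scanForAPI`, `toProxyUrl` and `launch` are hypothetical names, and the bucket, path and LMS URL are constructed sample values.

```javascript
// Origin = scheme + host + port, as computed by the URL parser.
const originOf = (url) => new URL(url).origin;

// Fake window object. Reads on `parent` throw when the two origins differ.
// Simplified model: real browsers still allow a small set of cross-origin
// members such as postMessage; this model blocks every property read.
function makeFrame(url, parent = null, api = null) {
  const self = { origin: originOf(url), API: api };
  self.parent = parent && new Proxy(parent, {
    get(target, prop) {
      if (target.origin !== self.origin) {
        throw Object.assign(
          new Error(`Blocked a frame with origin "${self.origin}" from accessing a cross-origin frame.`),
          { name: "SecurityError" });
      }
      return target[prop];
    },
  });
  return self;
}

// SCORM 1.2-style discovery: walk up the parent chain until a window exposes `API`.
function scanForAPI(win, maxTries = 7) {
  let tries = 0;
  while (win.API == null && win.parent != null && win.parent !== win) {
    if (++tries > maxTries) return null;
    win = win.parent;
  }
  return win.API;
}

// Rewrite a path-style S3 URL to the /s3/ location of the nginx config,
// served from the LMS origin so the content frame becomes same-origin.
function toProxyUrl(s3Url, lmsOrigin) {
  const u = new URL(s3Url);
  return `${lmsOrigin}/s3${u.pathname}${u.search}`;
}

// Constructed sample values (placeholders, not taken from the page).
const LMS_URL = "http://scorm.loc/courses/demo";
const S3_URL = "https://s3.amazonaws.com/example-bucket/scorm/pkg/index.html";

function launch(contentUrl) {
  const lms = makeFrame(LMS_URL, null, { LMSInitialize: () => "true" });
  const content = makeFrame(contentUrl, lms);
  try { return scanForAPI(content) ? "API found" : "API not found"; }
  catch (e) { return e.name; }
}
console.log(launch(S3_URL), "|", launch(toProxyUrl(S3_URL, originOf(LMS_URL))));
```

Serving the package from the LMS origin also gives its scripts same-origin access to the LMS page itself, so proxy only packages you trust.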

0

If you control both the LMS server and the content server, a common way is to use a reverse proxy.

Tom