The SCORM xblocks starting with openedx-scorm-xblock version 18 cannot load because they require the X-Frame-Options header to be set to SAMEORIGIN for scorm related URLs, e.g. studio.edx.org/media/scorm/........
This setting is set to DENY on edx-platform cms and lms via the setting X_FRAME_OPTIONS.
This PR extends django's XFrameOptions middleware to override the cms or lms django setting via an override setting called X_FRAME_OPTIONS_OVERRIDES = [[regex, header_value]] where regex is a regex that matches urls to override and header_value is one of DENY, SAMEORIGIN, ALLOW.
How to test:
Since this is a library, the automatic tests should suffice.
If you still want to test it with edx-platform to make sure it doesn't break anything, let me know and I can walk you through it.
Description:
The SCORM xblocks starting with openedx-scorm-xblock version 18 cannot load because they require the
X-Frame-Options
header to be set toSAMEORIGIN
for scorm related URLs, e.g.studio.edx.org/media/scorm/.......
. This setting is set toDENY
on edx-platform cms and lms via the settingX_FRAME_OPTIONS
.This PR extends django's XFrameOptions middleware to override the cms or lms django setting via an override setting called
X_FRAME_OPTIONS_OVERRIDES = [[regex, header_value]]
where regex is a regex that matches urls to override and header_value is one ofDENY
,SAMEORIGIN
,ALLOW
.How to test:
Since this is a library, the automatic tests should suffice.
If you still want to test it with edx-platform to make sure it doesn't break anything, let me know and I can walk you through it.