- Add 'self' to frame-src in CSP to allow same-origin iframes - Add 'unsafe-eval' to script-src (SCORM packages often use eval) - Add /uploads/scorm/ location that strips frame-blocking headers - SCORM content served without X-Frame-Options or CSP restrictions Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| public | ||
| src | ||
| .dockerignore | ||
| docker-entrypoint.sh | ||
| Dockerfile | ||
| index.html | ||
| nginx.conf | ||
| package-lock.json | ||
| package.json | ||
| vite.config.js | ||