I'm trying to store my system's SORM packages on AWS and I'm facing a CORS issue that I don't know how to solve. I created an S3 bucket where I stored all the uncompressed SCORM files. After that, I allowed access to these files on CloudFront for the web. The link generated by CloudFront works perfectly when accessed directly. However, when I add the link in the PlayerScorm iframe, most of the files are blocked due to CORS configuration.
I've tried the solutions suggested in other related questions here on Stack Overflow, but I haven't been successful. Could someone teach me how to configure this on AWS CloudFront?
12/12/23 Updating... I guess the CORS is not the unique problem. I've tried to solve this in so many ways that I no longer know exactly what I'm doing. I left logic aside and was already trying and error. The infrastructure team has tried different ways to configure AWS, but nothing seems to work. From what I've been researching, RusticSoftware created a solution for this by placing a proxy between the player and the file server where the scorm courses are located.
What I'm trying to do is the following: I have an LSM on an ec2 with a domain mylms.com This LSM has a scorm player that responds like this: mylms.com/player.php?scorm= This player points the iframe to a CloudFront link aws.cloudfront.com/link/to/scorm/content/
The CloudFront link links to an s3 bucket where the scorm course files are available.
When I point to the files locally (within the mylms.com server) everything works. When I point to CloudFront, the browser generates several CORS and Cross-domain errors.
Unfortunately, the problems only start with CORS. Unless your SCORM player lives on the same domain domain (or same parent domain, with quirks) as the Cloudfront environment, it will fail to play. SCORM courses all use Javascript to look into the parent frames and/or windows to search for a special Javascript object presented by the LMS (
APIin SCORM 1.2, orAPI_1484_11in SCORM 2004) in order to operate. If your Cloudfront contents are a separate domain, this will cause browser security exceptions that you can't get around.Easiest way forward is to serve both your application and the SCORM content through the same domain (since you're using Cloudfront, you could front all of it there and just fork the traffic to the webapp environment and the SCORM storage by path) and you will avoid this issue.