diff --git a/DeepDrftPublic.Client/Pages/FramePlayer.razor b/DeepDrftPublic.Client/Pages/FramePlayer.razor index 177c406..24b1ab6 100644 --- a/DeepDrftPublic.Client/Pages/FramePlayer.razor +++ b/DeepDrftPublic.Client/Pages/FramePlayer.razor @@ -5,6 +5,7 @@ @page "/FramePlayer" @layout EmbedLayout +@rendermode InteractiveWebAssembly diff --git a/DeepDrftPublic/Program.cs b/DeepDrftPublic/Program.cs index 695d6ed..8add77d 100644 --- a/DeepDrftPublic/Program.cs +++ b/DeepDrftPublic/Program.cs @@ -77,6 +77,9 @@ else } } +// CORS policy registered for hygiene and potential direct cross-origin API consumers. +// The FramePlayer embed use case does not require this: WASM inside a cross-site iframe +// fetches to the same deepdrft.com origin, so all API calls are same-origin. app.UseCors("FramePlayerEmbedPolicy"); // For requests to /FramePlayer, remove any X-Frame-Options header and set a permissive