fix: force FramePlayer to WASM-only render mode; document CORS policy intent
This commit is contained in:
@@ -5,6 +5,7 @@
|
|||||||
|
|
||||||
@page "/FramePlayer"
|
@page "/FramePlayer"
|
||||||
@layout EmbedLayout
|
@layout EmbedLayout
|
||||||
|
@rendermode InteractiveWebAssembly
|
||||||
|
|
||||||
<AudioPlayerBar Fixed />
|
<AudioPlayerBar Fixed />
|
||||||
|
|
||||||
|
|||||||
@@ -77,6 +77,9 @@ else
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// CORS policy registered for hygiene and potential direct cross-origin API consumers.
|
||||||
|
// The FramePlayer embed use case does not require this: WASM inside a cross-site iframe
|
||||||
|
// fetches to the same deepdrft.com origin, so all API calls are same-origin.
|
||||||
app.UseCors("FramePlayerEmbedPolicy");
|
app.UseCors("FramePlayerEmbedPolicy");
|
||||||
|
|
||||||
// For requests to /FramePlayer, remove any X-Frame-Options header and set a permissive
|
// For requests to /FramePlayer, remove any X-Frame-Options header and set a permissive
|
||||||
|
|||||||
Reference in New Issue
Block a user