How to bypass SCORM cross-domain JavaScript restrictions, aka the same-origin policy

 

Get a 1-on-1 walkthrough
of our distribution solutions.

 

Overview   |   Products   |   Use Cases
Case Study   |   DIY

Looking for a way to keep courses on your servers but deliver them to other LMSs? Since SCORM requires that the content and player reside in the same domain, you’ll need to bypass cross-domain JavaScript restrictions.

Managing eLearning content distribution on your own requires three things: a central location to host your content, the ability to bypass the same-origin policy and eLearning standards expertise.

How to create your own eLearning content distribution solution:

  1. Centrally host your eLearning content
  2. Bypass the same-origin policy’s browser cross-domain JavaScript restrictions
  3. Gain eLearning standards expertise
  4. Get inspired by an existing content distribution solution

Centrally host your eLearning content

In order to control and understand eLearning content that plays across platforms, first centrally host your course and distribute it via proxy files. This way, whenever you update training in your central system, it will automatically update across LMSs.

Bypass SCORM’s browser cross-domain JavaScript restrictions in one of two ways:

  1. The first way, which is better, is through HTML5 postMessage, which allows you to send data messages between two windows/frames across domains. The challenge with this option is that it doesn’t work with older browsers (you can see which versions postMessage works with here).
  2. The second option is to pass messages by creating a hidden frame in the receiving domain and setting its ‘location.hash’ from the sending domain, which works with older browsers. This is, however, a bit of an old-school hack. This option is a moving target because browsers often change rules around how cross-domain JavaScript is allowed.

Gain eLearning standards expertise

You need expertise in eLearning standards to properly address technical challenges in content delivery. Make sure you can conform to various eLearning standards including SCORM 1.2, SCORM 2004, xAPI, cmi5 and AICC and that you keep up to date as changes are made or new standards are released.

Get inspired by an existing solution

At Rustici Software, we offer a few solutions that bypass SCORM’s cross-domain JavaScript restrictions to help you play content in third-party platforms. If you want to check out one of our products for free, SCORM Cloud’s Dispatch feature lets you centrally host, manage and track content across platforms.

Have questions about how this stuff works? Reach out and we’ll see how we can help you figure it out.

Click to Hide Advanced Floating Content

Coming soon!

SCORM.com's same great content is getting a brand new look.

Subscribe to be the first to hear of the relaunch.