[Koha] Allowing cross-origin scripting. Anyone doing that?

[Raymund Delahunty]

We have been asked to allow interactive activities, where students can interact with the OPAC with the application Libwizard (from Springshare) embedded. I understand Libwizard can offer a number of experiences including a quiz-type one or a guided learning one. Our Koha server has been configured to decline CORS (cross-origin scripting requests) by default, and our support company is wary of switching it on, and our university cyber security folk are... less than enthusiastic as this stage too. Has anyone enabled CORS in such as way as we are being asked to? Apparently one (safer?) option would be to set up a secondary domain, with the CORS security mechanism (plus a few other things) disabled. Before we even our support company about that I thought I'd ask if anyone has done what we are being asked to do?

.

This email and any attachments are intended solely for the addressee and may contain confidential information. If you are not the intended recipient of this email and/or its attachments you must not take any action based upon them and you must not copy or show them to anyone. Please send the email back to us and immediately and permanently delete it and its attachments. Where this email is unrelated to the business of University of the Arts London or of any of its group companies the opinions expressed in it are the opinions of the sender and do not necessarily constitute those of University of the Arts London (or the relevant group company). Where the sender's signature indicates that the email is sent on behalf of UAL Short Courses Limited the following also applies: UAL Short Courses Limited is a company registered in England and Wales under company number 02361261. Registered Office: University of the Arts London, 272 High Holborn, London WC1V 7EY