From 4ccf99cef9553c9e5d63ef8e3432bd3487d7eaa4 Mon Sep 17 00:00:00 2001
From: Elmar Kresse <elmar.kresse@stud.htwk-leipzig.de>
Date: Fri, 20 Sep 2024 10:34:16 +0200
Subject: [PATCH] add frame ancestors description for iframe setup

---
 content/deployment.asciidoc | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/content/deployment.asciidoc b/content/deployment.asciidoc
index 3d3e9ad..8ddb8bc 100644
--- a/content/deployment.asciidoc
+++ b/content/deployment.asciidoc
@@ -50,6 +50,14 @@ All data used by CodeOcean is stored in a Postgres database which is mounted
 - `server.address` to `0.0.0.0`
 - `nomad.address` to `host.docker.internal`
 
+For embedding and Usage of CodeOcean as LTI Integration in edX you have to configure the Content Security Policy in the `codeocean/config/initializers/content_security_policy.rb` file. The following lines have to be added:
+```
+policy.frame_ancestors      :self, 'https://*.htwk-leipzig.de'
+```
+
+You can define the allowed domains for embedding CodeOcean in other websites. The `:self` option allows embedding in the same domain. The `*.htwk-leipzig.de` option allows embedding in all subdomains of htwk-leipzig.de. This step has to be done before building the Docker containers.
+
+
 The rest seems to be left unchanged...
 
 ==== Checking access to CodeOcean ====