A recent question that came in through a support ticket...
We would like to run some functions in an iframe around SCORMcloud (help etc). Is it possible to run SCORMcloud in an iframe?
And my response...
Sort of funny / serendipitous that you would ask about this, as we were just fretting over it yesterday. Here's the answer, which unfortunately presents a problem: The only option we currently have for protecting access to the course content on SCORM Cloud is using a browser cookie as an authorization token on launch. Long story short, it simply means your browser has to support cookies and accept them from cloud.scorm.com in order to launch the content hosted there. This is typically fine with most setups, since most will simply redirect the user to our launch process / course player, and then the user is redirected to a URL of your choosing at the end... So, if the things you want to do in an iframe don't involve the actual launch of a course, you may be able to interact with the web services without much problem.
But.... if you're looking to launch the SC course in an iframe, the cookie we need to set during the launch process becomes what is known as a 3rd party cookie, which most browsers _do not_ accept by default. You can change the settings for accepting these cookies in all modern browsers, but we see that as only a partial answer to the problem, since it requires a big imposition on the users launching the course. Also, if you're referring to the SCORM Cloud site, not necessarily the web services, it also uses a cookie to provide session information, and will also not work in an iframe for the issue stated above. To summarize, if you're not using the SC site or launching courses in an iframe, you should be fine, but because both of these things require cookies, they'll require browser settings to allow 3rd party cookies if you want to host them in iframes that exist on some other domain.
One last detail is that, framesets + frames appear to be free of this problem, so if you wanted to have the site or the launch process in a frame element of a frameset, vs. an iframe, there should be no issues with the cookies that we set.
The good news is that, it shouldn't be typical practice to do either of those things (site or launch) through an iframe, and we've had plenty of success without needing them. Typically the user is redirected in a browser to the launch process, either in the same window or a pop up window, and in either case they can be redirected to the right place when they exit the course. Of course, your requirements may be unique, but I think what is available may serve them. If you don't mind, feel free to provide more details about what you're working on, and we can talk through our options... Thanks for the question!