Extend configuration for session riding Change-Id: I3d3fb3f71d59d106f9fcdf47e5b1fea9094dc0a4

commit: 6e9de0ed35c321bfc64f3e9056b70d549d4ac981 [log] [tgz]
author: Akron <nils@diewald-online.de> Thu Jan 26 11:36:10 2023 +0100
committer: Akron <nils@diewald-online.de> Tue Apr 04 16:59:23 2023 +0200
tree: a62834d9a8f1a83405adcc2164e6581b27fc9a20
parent: 9684089fdbc4f01f3ad9b3e2aea270e784be8bc0 [diff]
diff --git a/README.md b/README.md
index 9c2cef2..a8a6238 100644
--- a/README.md
+++ b/README.md

@@ -92,6 +92,21 @@
 An [example demo](https://github.com/KorAP/Kalamar/blob/master/dev/demo/export.html)
 showcases the embedded plugin.
 
+At the moment the integration reuses the session of the host service.
+To make this possible, the [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)
+of Kalamar needs to be extended to include the whole domain that
+hosts both services (at the moment it's not possible to host the service on a different domain).
+If the domain is, e.g., `ids-mannheim.de`, the configuration in the Kalamar configuration
+file needs to be:
+
+```perl
+{
+  CSP => {
+    'frame-src' => 'self',
+    'frame-ancestors' => ['self','https://*.ids-mannheim.de/']
+  }
+}
+```
 
 ## Customization
commit	6e9de0ed35c321bfc64f3e9056b70d549d4ac981	[log] [tgz]
author	Akron <nils@diewald-online.de>	Thu Jan 26 11:36:10 2023 +0100
committer	Akron <nils@diewald-online.de>	Tue Apr 04 16:59:23 2023 +0200
tree	a62834d9a8f1a83405adcc2164e6581b27fc9a20
parent	9684089fdbc4f01f3ad9b3e2aea270e784be8bc0 [diff]