I am getting cross-origin frame error while adding addEventListener to the iframe.
Uncought: DOMException: Blocked a frame with origin "https://XXXXXXXX.web.app" from accessing a cross-origin frame.
Tried hard by setting Referrer Policy: strict-origin-when-cross-origin, X-XSS-Protection: 0;, and cross-origin-resource-policy: cross-origin on the page header that is to be loaded in the iframe. but did not get any success.
Basically, the page that is to be loaded is from the admin app that is hosted on firebase hosting. and one of its view needs to be loaded in the customer portal app in an iframe.
admin page will send post message to parent (customer portal) and also capable of receiving post messages.
Seems to be a very common use case of 2way communication between 2 applications hosted on different domain.
I have tried firebase hosting iframe error with X-Frame-Options and firebase hosting blocking script due to CORS issue
Also iframe has set the sandbox attribute as allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation allow-top-navigation-by-user-activation allow-same-origin allow-forms allow-pointer-lock
but nothing worked.
Please suggest what should I try next.
Thanks in advance!
