iframe from same origin doesn't load with Cross-Origin-Embedder-Policy: require-corp

Question

iframe from same origin doesn't load with Cross-Origin-Embedder-Policy: require-corp

1.6k views Asked by Null At 15 September 2024 at 09:17

I have web page with an iframe inside it:

<?php
header('Cross-Origin-Opener-Policy: same-origin');
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
</head>
<body>
    <iframe src="assets/html/menu.htm"></iframe>
</body>
</html>

It works fine in firefox.

If I add

header('Cross-Origin-Embedder-Policy: require-corp');

Firefox doesn't show the iframe content. Error:

Blocked Page

An error occurred during a connection to <domain>.

I need both headers to enable crossOriginIsolated.

The iframe and the main page have the same origin, why firefox doesn't show iframe content after adding second header?

Original Q&A

There are 1 answers

**Null** · Accepted Answer · 2020-11-24 16:35:04

Using object tag instead of iframe tag solved the problem:

<?php
header('Cross-Origin-Opener-Policy: same-origin');
header('Cross-Origin-Embedder-Policy: require-corp');
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
</head>
<body>
    <object data="assets/html/menu.htm"></object>
</body>
</html>

TechQA.

iframe from same origin doesn't load with Cross-Origin-Embedder-Policy: require-corp

There are 1 answers

Related Questions in IFRAME

Related Questions in CROSS-ORIGIN-EMBEDDER-POLICY

Related Questions in CROSS-ORIGIN-OPENER-POLICY

Popular Questions

Popular Tags

Trending Questions