
iframe from same origin doesn't load with Cross-Origin-Embedder-Policy: require-corp


I have a web page with an iframe inside it:

<?php
header('Cross-Origin-Opener-Policy: same-origin');
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
</head>
<body>
    <iframe src="assets/html/menu.htm"></iframe>
</body>
</html>

It works fine in Firefox.

If I add

header('Cross-Origin-Embedder-Policy: require-corp');

Firefox doesn't show the iframe content. Error:

Blocked Page

An error occurred during a connection to <domain>. 

I need both headers to enable crossOriginIsolated.

The iframe and the main page have the same origin. Why doesn't Firefox show the iframe content after adding the second header?


Solution

  • Using an object tag instead of an iframe tag solved the problem:

    <?php
    header('Cross-Origin-Opener-Policy: same-origin');
    header('Cross-Origin-Embedder-Policy: require-corp');
    ?>
    <!DOCTYPE html>
    <html>
    <head>
        <meta charset="UTF-8">
    </head>
    <body>
        <object data="assets/html/menu.htm"></object>
    </body>
    </html>
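
Added example (not part of the original question or answer): under the HTML specification, a page that sends Cross-Origin-Embedder-Policy: require-corp only loads a framed document whose own response also carries a compatible COEP header, whether or not it is same-origin, and a static file such as menu.htm is normally served without one. The sketch below models that decision; the checkFrameLoad name, the app.example URL and the header maps are constructed for illustration.

```javascript
// COEP values that are compatible with cross-origin isolation.
const ISOLATING = new Set(['require-corp', 'credentialless']);

// Read a policy token from a header map (lower-cased name -> value),
// ignoring parameters such as report-to.
function policyToken(headers, name) {
  const raw = headers[name];
  return raw ? raw.split(';')[0].trim() : null;
}

// parentHeaders / childHeaders: response headers of the embedding page and of
// the framed document. childUrl may be relative to parentUrl.
function checkFrameLoad(parentUrl, parentHeaders, childUrl, childHeaders) {
  const parentCoep = policyToken(parentHeaders, 'cross-origin-embedder-policy');
  if (!ISOLATING.has(parentCoep)) {
    return { allowed: true, reason: 'parent does not enforce COEP' };
  }
  // Check 1: the framed document must opt in itself, even when same-origin.
  const childCoep = policyToken(childHeaders, 'cross-origin-embedder-policy');
  if (!ISOLATING.has(childCoep)) {
    return { allowed: false, reason: 'framed document sends no compatible COEP' };
  }
  // Check 2: a cross-origin framed document must also permit embedding via CORP.
  const parent = new URL(parentUrl);
  const child = new URL(childUrl, parent);
  if (parent.origin === child.origin) {
    return { allowed: true, reason: 'same-origin frame with its own COEP' };
  }
  const corp = policyToken(childHeaders, 'cross-origin-resource-policy');
  if (corp === 'cross-origin') {
    return { allowed: true, reason: 'cross-origin frame with CORP: cross-origin' };
  }
  if (corp === 'same-site') {
    // Needs a registrable-domain comparison, which this sketch does not model.
    return { allowed: null, reason: 'CORP: same-site not modelled' };
  }
  return { allowed: false, reason: 'cross-origin frame without permissive CORP' };
}

// Constructed sample: the page from the question, with the framed file served
// first without and then with its own COEP header.
const pageHeaders = {
  'cross-origin-opener-policy': 'same-origin',
  'cross-origin-embedder-policy': 'require-corp',
};
const pageUrl = 'https://app.example/index.php';
const before = checkFrameLoad(pageUrl, pageHeaders, 'assets/html/menu.htm', {});
const after = checkFrameLoad(pageUrl, pageHeaders, 'assets/html/menu.htm',
  { 'cross-origin-embedder-policy': 'require-corp' });
console.log(before, after);
```

To compare against a real deployment, read the response headers of the framed URL from the browser's network panel and pass them in as the child header map.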