I have a website running on, lets say web.test.company.cloud, which has en iframe from another sub domain on the same top level domain: tasks.test.company.cloud. The iframe uses postMessage to tell the parent document about its height in pixles.
When I open this page in Safari there's a console error saying:
Blocked a frame with origin "https://tasks.test.company.cloud" from accessing a frame with origin "https://web.test.company.cloud". Protocols, domains, and ports must match
It seems that Safari is the only major browser that does this. I find this strange since both documents do share both protocol, domain, and port. While reading about this issue I haven't found any workarounds, so any help on this is appreciated.
Also, will I have the same error in production where parent is running on company.cloud while the iframe is on tasks.company.cloud?
This is late, but you may find this post informative:
Safari LocalStorage not shared between IFrames hosted on same domain
In particular, the top answer on ITP might help explain what's happening:
https://stackoverflow.com/a/64018207
It includes a link to this article about the storage access API:
https://webkit.org/blog/8124/introducing-storage-access-api/
The section on sandboxed iframes is intriguing, i.e.
<iframe sandbox="allow-storage-access-by-user-activation allow-scripts allow-same-origin"></iframe>
While going into Safari->Preferences->Privacy and unchecking "Website Tracking: prevent cross-site tracking" isn't much of a solution, I found it temporarily helpful during troubleshooting when trying to narrow down the issue. Best of luck!