iframe from same origin doesn't load with Cross-Origin-Embedder-Policy: require-corp

1.6k Views Asked by Null At 09 November 2025 at 02:45

I have web page with an iframe inside it:

<?php
header('Cross-Origin-Opener-Policy: same-origin');
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
</head>
<body>
    <iframe src="assets/html/menu.htm"></iframe>
</body>
</html>

It works fine in firefox.

If I add

header('Cross-Origin-Embedder-Policy: require-corp');

Firefox doesn't show the iframe content. Error:

Blocked Page

An error occurred during a connection to <domain>.

I need both headers to enable crossOriginIsolated.

The iframe and the main page have the same origin, why firefox doesn't show iframe content after adding second header?

Original Q&A

There are 1 best solutions below

Null On 24 November 2020 at 16:35 BEST ANSWER

Using object tag instead of iframe tag solved the problem:

<?php
header('Cross-Origin-Opener-Policy: same-origin');
header('Cross-Origin-Embedder-Policy: require-corp');
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
</head>
<body>
    <object data="assets/html/menu.htm"></object>
</body>
</html>

iframe from same origin doesn't load with Cross-Origin-Embedder-Policy: require-corp

There are 1 best solutions below

Related Questions in IFRAME

Related Questions in CROSS-ORIGIN-EMBEDDER-POLICY

Related Questions in CROSS-ORIGIN-OPENER-POLICY

Trending Questions

Popular # Hahtags

Popular Questions