CORS restrictions may affect contenteditable in cross-origin iframes

SO: macOS 14.0 Dispositivo: Desktop or Laptop MacBook Pro Navegador: Safari 17.0 Teclado: US Borrador

corsiframesecuritysafarimacos

Esta página aún no ha sido traducida

Actualmente se muestra el contenido original en inglés. Agradecemos su contribución a la traducción.

Contribuir a la traducción Ver original en inglés

Phenomenon

When a contenteditable element is inside a cross-origin iframe, CORS restrictions may prevent certain operations. Accessing the contenteditable from the parent frame may be blocked, and some editing operations may be restricted.

Reproduction example

Create a page with a cross-origin iframe.
Inside the iframe, create a contenteditable div.
Try to access the contenteditable from the parent frame.
Try to programmatically modify the content.
Observe any CORS-related errors or restrictions.

Observed behavior

In Safari on macOS, CORS restrictions apply to cross-origin iframes.
Accessing contenteditable content from parent frame may be blocked.
Some operations may be restricted due to same-origin policy.
Error messages may not be clear.

Expected behavior

CORS restrictions should be clearly documented.
Or, there should be a standard way to work with cross-origin contenteditable.
Error messages should be helpful.

Playground for this case

Use the reported environment as a reference and record what happens in your environment while interacting with the editable area.

Reported environment

OS: macOS 14.0

Device: Desktop or Laptop MacBook Pro

Browser: Safari 17.0

Keyboard: US

Your environment

OSDeviceBrowserKeyboard

Use this editable area to reproduce the described case.

Event log

Use this log together with the case description when filing or updating an issue.

0 events

Interact with the editable area to see events here.