CORS restrictions may affect contenteditable in cross-origin iframes

操作系统: macOS 14.0 设备: Desktop or Laptop MacBook Pro 浏览器: Safari 17.0 键盘: US 草稿

corsiframesecuritysafarimacos

此页面尚未翻译

目前显示的是英文原文。欢迎您参与翻译工作。

Phenomenon

When a contenteditable element is inside a cross-origin iframe, CORS restrictions may prevent certain operations. Accessing the contenteditable from the parent frame may be blocked, and some editing operations may be restricted.

Reproduction example

Create a page with a cross-origin iframe.
Inside the iframe, create a contenteditable div.
Try to access the contenteditable from the parent frame.
Try to programmatically modify the content.
Observe any CORS-related errors or restrictions.

Observed behavior

In Safari on macOS, CORS restrictions apply to cross-origin iframes.
Accessing contenteditable content from parent frame may be blocked.
Some operations may be restricted due to same-origin policy.
Error messages may not be clear.

Expected behavior

CORS restrictions should be clearly documented.
Or, there should be a standard way to work with cross-origin contenteditable.
Error messages should be helpful.

Playground for this case

Use the reported environment as a reference and record what happens in your environment while interacting with the editable area.

Reported environment

OS: macOS 14.0

Device: Desktop or Laptop MacBook Pro

Browser: Safari 17.0

Keyboard: US

Your environment

OSDeviceBrowserKeyboard

Use this editable area to reproduce the described case.

Event log

Use this log together with the case description when filing or updating an issue.

0 events

Interact with the editable area to see events here.