5👍
✅
The CORS headers do not affect the same-origin policy for iframes in Safari.
You can communicate between the frames using postMessage or you could attach a subdomain from mydomain.com to your S3 bucket and relax the same-origin policy by setting document.domain (this method only works to communicate between subdomains of the same domain, it doesn’t work between different domains).
You can learn more about iframes communication from this answer on StackOverflow:
👤dcro
Source:stackexchange.com