I have been trying to embed a Nintex 2016 Form in an iframe on a non-SharePoint web-page and receiving the following error in console.
Uncaught SecurityError: Failed to read a named property 'SP' from 'Window': Blocked a frame with origin "https://myexamplesite.net.au" from accessing a cross-origin frame.
at $_global_init (init.js?rev=RHfoRxFuwXZ%2BOo2JABCoHA%3D%3DTAG0:1:42957)
at init.js?rev=RHfoRxFuwXZ%2BOo2JABCoHA%3D%3DTAG0:1:280872
Has anyone seen this or has used a fix for this security block?
An online search of this issue indicates SharePoint pages (especially classic pages, forms, and the Nintex Workflow/Forms) often use JavaScript that calls window.parent.SP, so the browser’s same-origin policy prevents it from accessing JavaScript objects in another domain, protocol, or port.
Adding Content-Security-Policy-Report-Only to web.config has not fixed the issue.This seems to be a new JavaScript call in Sharepoint 2016 as this worked in Sharepoint 2013.