There is now a beta version of Chameleon iFrame support available. This beta allows for Chameleon Tours and experiences to appear across iframes with different domains (both subdomains and primary domains).
Please message Chameleon Support to request to be included in this beta.
Posted Feb 13, 2024 - 07:38 PST
Identified
Impact: If your use of Chameleon depends on selecting page elements that reside within iframes, those specific Chameleon Experiences may not not be running correctly.
Working: Main page is app.acme.com and the iframe is app.acme.com Not working: Main page is app.acme.com and the iframe is content.acme.com
Further context is that prior to Chrome 115, iframes on the same origin (e.g. app.acme.com and content.acme.com) allowed their content is be accessible to the parent page. Chameleon uses this same-origin access pattern to find and attach Chameleon Experiences to the element found within an iframe. However, starting in Chrome 115, Google removed support for modifying a property called `document.domain` which permits this behavior. Now, because Google has disabled this feature, Chameleon cannot currently directly access content of iframes with subdomains that differ from the parent page.
The Chameleon team is working quickly to restore full support for same-origin iframes. We plan to ship an early version of this to impacted customers in the coming days. If you are using iframes in the way described above, please reach out to your account manager or hello@chameleon.io let us know. Also indicate if you want to be added to the iframe feature preview when it's ready.
Workaround: In the meantime, the workaround is to match the domain of the content inside an iframe with the content outside of the iframe (referenced as "Working:" above). Some teams we're in contact with have had success in simply proxying their iframed content through the same domain as their main page (let us know if you want more information on how to do this).