I have a web page with a single iframe in the body.

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <meta name="author" content="${cross_identifier}">
    <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
    <link rel="icon" type="image/x-icon" href="favicon.ico"/>
    <link rel="stylesheet" href="index.css">
    <script src="${CMAKE_PROJECT_NAME}.js"></script>
    <title>${cross_target}</title>
</head>
<body>
    <iframe id="web_view"></iframe>
</body>
</html>

A JS function sets the src of the iframe:

document.getElementById('web_view').src = 'assets/' + page + '.htm';

My app works fine in Edge, Firefox, and Chrome but not in Safari:

1. Open the app, it works fine for the first time. It even works if I refresh the working page.
2. open the app in a new tab or new window, it gives The frame being accessed is sandboxed and lacks the "allow-same-origin" flag. error in the line that sets src attribute.
3. Clear history of safari.
4. Open the app again and it works.

Not sure if related, but my project has wasm file as well and cross origin headers are set like:

• Cross-Origin-Opener-Policy same-origin
• Cross-Origin-Embedder-Policy require-corp

for all files.

Setting Cross-Origin-Resource-Policy same-origin didn't help.

Setting X-Frame-Options SAMEORIGIN didn't help.

Link of my app (hope you enjoy playing)