Use the glide.ui.concourse.onmessage_enforce_same_origin property to enable cross-origin communication between iframes.

Openframe can only process messages from trusted domains that are specified in the glide.ui.concourse.onmessage_enforce_same_origin_whitelist property. To learn more, see Enable URL allowlist for cross-origin iframe communication.

More information

Attribute	Description
Property name	glide.ui.concourse.onmessage_enforce_same_origin
Configuration type	System Properties (/sys_properties_list.do)
Data type	boolean
Category	Access control
Purpose	To enable inclusion listing of trusted domains, so they can communicate between iframes for openframe.
Recommended value	true
Default value	true
Security risk rating	4.2
Functional impact	If you do not inclusion list intended domains, the ability to embed other pages within ServiceNow AI Platform instances may be limited.
Security risk	(High) If a web page contains event handlers that do not perform proper origin validation, a web page, or script from any origin, can communicate with it. It can also initiate any functionality performed by the event handler.
References	OpenFrame overview

To learn more about adding or creating a system property, see Add a system property.