5:12pm 6th September 2016
I think that probably you have in your config.xml the following tag.
<access origin="*" />
as described here https://cordova.apache.org/docs/en/latest/guide/appdev/whitelist/ you could restrict the cross domain policy to specified domains used as value of the property "origin" instead of using a wildcard.
So if you are using the wildcard value, this should be the desired behaviour.
7:40pm 12th October 2016
I Believe that the safer way to communicate between frames is
postMessage as described in MDN, do it in a different way could cause inconsistency between devices (Remember how fragmented is android and how painful could be the backward compatibility with 4.3 and below)
So, you could get the iFrame element and then post a msg like
In the same way you could listen to that event inside the frame:
window.addEventListener("message", receiveMessage, false);
This will no cause cross-frame issues and it will be the safer way to pass information, the bad news is that you will not be able to pass the
window.cordova instance, so you will need to establish a conversation between the
iFrame and the