"Allow CORS" might not work with iFrames
Created by: maheee
Need to check, but since it adds the URL from the adress bar to the "Access-Control-Allow-Origin" response header, it makes the situation probably worse for iFrames than without the option activated. Would need to use the iFrame URL for this header ...