I'm using the tableau JS API to manipulated an embedded tableau dashboard served by my own tableau server instance.
When my page generates a url with a trust token and calls
new tableau.Viz(placeholderDiv, url, options);
(Where placeholderDiv is an empty div on the page, url is the url with the trust ticket embedded, options just contains the width/height, hidetabs and hidetoolbar attributes.)
Safari always renders the viz with the login to Tableau as though the trust ticket was not present.However the same code works fine in chrome and no login is presented.
I've validated that the URL generated with the trust token is correct, Instead of passing it to the JS lib i opened a new window with it directly outside the iframe.
Running the dev tools I see there are some requests made in the page loaded in the iframe code to access window.parent.xxx and those seem to be blocked by safari, which might be the cause.
"Blocked a frame with origin "http://" from accessing a frame with origin "http://". Protocols, domains, and ports must match."
From a security point of view I guess this makes sense, but how is this supposed to work? I'm guessing chrome is either being more lenient, or is getting presented different content by Tableau as it doesn't even present a warning.
