JavaScript blocks access to cross-origin frame

[sshymko]

Preconditions

1. HTTPS website
2. Full Page Cache enabled
3. 3rd party iframe, such as Google Customer Reviews badge, on website pages

Steps to reproduce

1. Open any website page with the 3rd party iframe
2. Open developer console in the browser
3. Notice JavaScript errors

Expected result

• FPC does not process 3rd party resources that do not belong to the website domain

Actual result

• The following JavaScript error in the console:

Uncaught DOMException: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "https://www.example.com" from accessing a cross-origin frame.

• Magento FPC considers the 3rd party iframe as the Magento page, because its URL contains the store domain "www.example.com" in the query string:
  https://www.google.com/shopping/customerreviews/badge?usegapi=1&merchant_id=101500539&position=BOTTOM_RIGHT&hl=en_US&origin=https%3A%2F%2Fwww.example.com&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en.GBDVBIKSh6E.O%2Fm%3D__features__%2Fam%3DAQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCOvjPXLze_vbEyZVBIlOAVh5fcR-g

[Igloczek]

Fixed here #8005.

[sshymko]

Closing as duplicate of #8005.
Thanks @Igloczek!