So, does it meant that Xojo does support running a web app in an iframe and the same origin policy is configurable. There was an earlier post that seemed to indicate that web app in iFrame is not supported.
Is there a way to secure the Web App in another way.
I am looking into running a web app inside of a chrome plugin, so I have to allow serving from any origin; it would be great to know if there is a standard way to secure the web app anyway.