@7odamoo @YnoofAssiri @Refo_101 Hey, thanks for sharing. I don't get how a misconfigured CORS policy helped you to access the "contentWindow.location" from sub1[.]target[.]com? Even if the CORS is '*' with allow credentials, the same-origin policy should prevent it.