Cross-origin iframe access in Chrome tests


Overview

Catchpoint Transaction tests (including Playwright) often require access to cross-origin iframes within pages in order to interact with elements: clicking, typing, and filling in or submitting forms. Due to security restrictions that prevent XSS attacks, Chrome prevents the Catchpoint agent from accessing cross-origin iframes that are not delivered with the Access-Control-Allow-Origin HTTP header. However, Chrome's cross-origin policy is disabled by default in Catchpoint, so tests can access these iframes.

You can still enable Chrome's cross-origin policy for a test. In the Chrome test, check the Cross-Origin Iframe Do Not Allow option under Advanced settings, as shown in the screenshot below. With this setting applied, Chrome's cross-origin policy is enabled.

Pic_14.png

Additional Notes

Some pages (or resources on those pages) have been found to be negatively affected when web security is disabled in the Chrome browser. Bot detectors in particular may be affected, since a bot detector can check whether the client is able to access cross-origin iframes. So, if a site uses bot detection, it may block the test. Other solutions such as Optimizely may also be affected.
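
The kind of check described above can be sketched as follows. This is an added example, not Catchpoint's code or any bot-detection vendor's; the function names, hosts and sample frame objects are hypothetical and constructed for illustration. It relies on the standard browser behaviour that reading `contentWindow.document` of a cross-origin iframe throws a `SecurityError` when the same-origin policy is enforced.

```javascript
// Added example: a page-side probe for whether the same-origin policy is
// enforced on a cross-origin iframe. All names and hosts are hypothetical.

// True when the iframe's URL has a different origin than the embedding page.
function isCrossOrigin(frameSrc, pageUrl) {
  return new URL(frameSrc, pageUrl).origin !== new URL(pageUrl).origin;
}

// Returns "policy-enforced", "policy-disabled", "same-origin" or "inconclusive".
function probeFrame(frame, pageUrl) {
  // Frames without a src (or about:blank) inherit the parent's origin.
  if (!frame.src || frame.src === "about:blank") return "same-origin";
  if (!isCrossOrigin(frame.src, pageUrl)) return "same-origin";
  try {
    // A browser enforcing the policy throws a SecurityError on this read.
    const doc = frame.contentWindow.document;
    return doc ? "policy-disabled" : "inconclusive";
  } catch (err) {
    return err && err.name === "SecurityError" ? "policy-enforced" : "inconclusive";
  }
}

// Constructed stand-ins for <iframe> elements so the logic runs outside a browser.
const PAGE_URL = "https://shop.example/checkout";
const blocked = new Error("Blocked a frame from accessing a cross-origin frame.");
blocked.name = "SecurityError";
const sampleFrames = {
  enforced: { src: "https://pay.example/widget",
              contentWindow: { get document() { throw blocked; } } },
  disabled: { src: "https://pay.example/widget",
              contentWindow: { document: { title: "widget" } } },
  sameOrigin: { src: "/help", contentWindow: { document: {} } },
  detached: { src: "https://pay.example/widget", contentWindow: null },
};

for (const [name, frame] of Object.entries(sampleFrames)) {
  console.log(name, "->", probeFrame(frame, PAGE_URL));
}
```

In a browser, pass each element from `document.querySelectorAll("iframe")` together with `location.href`. A `policy-disabled` result means the client read a document it should not have been able to reach, which is the signal that can cause a site to flag the test.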