Is there an existing issue for this?

• I have searched the existing issues

OS/Web Information

• Web Browser: Brave
• Local OS: Windows 11
• Remote OS: Ubuntu 24
• Remote Architecture: amd
• code-server --version: latest

Steps to Reproduce

1. create a code-server using docker-compose on a ubuntu server

services:
  code-server:
    image: lscr.io/linuxserver/code-server:latest
    # image: linuxserver/code-server:latest
    container_name: code-server
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - PASSWORD=password #optional
      - HASHED_PASSWORD= #optional
      - SUDO_PASSWORD=password #optional
      - SUDO_PASSWORD_HASH= #optional
      - DEFAULT_WORKSPACE=/config/workspace #optional
    privileged: true
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - ./data/template/config:/config
    ports:
      - 8443:8443
    restart: unless-stopped

2. add HTTPS/SSL using CF tunnels / traefik or something
3. create a simple web page with an iframe that has src="your code-server url"

if I deploy the webpage with the same iframe on Vercel or something, it login works, but doesn't work from localhost. Why? That's annoying

Expected

I expect to see the code-server content in the iframe, even if I'm on localhost.

Actual

Logs

Screenshot/Video

No response

Does this bug reproduce in native VS Code?

Yes, this is also broken in native VS Code

Does this bug reproduce in GitHub Codespaces?

Yes, this is also broken in GitHub Codespaces

Are you accessing code-server over a secure context?

• I am using a secure context.

Notes

Is there any setting for CORS on the code-server?