Aug 03, 2020 06:02 PM|bruce (sqlwork.com)|LINK
Anti-forgery uses a cookie and hidden field. the post back must be to the same domain or the cookie is not sent.
You are hitting a cross origin error with the iframe, check the console. use the browsers debugging tools to see why blocked.