Password iframe gets blocked by browser

On: https://apps.learn.staging.totem-project.org/learning/course/course-v1:Totem+TP_SP_ES+001/block-v1:Totem+TP_SP_ES+001+type@sequential+block@d66aab6b64324bd7b0355c0f7c86c269/block-v1:Totem+TP_SP_ES+001+type@vertical+block@428df6c00ce94d8cbf4bf87c37558413

• Password checker iframe does not work

Background-information:

The password checker is a small JavaScript application that gets included in an iframe. For security reasons that iframe needs to be hosted under the (exact) same domain as where the course is hosted. This used to be learn.<domain>, but now it's apps.learn.<domain>.

We used to have nginx serve as a reverse proxy learn.<domain>/js-components/ to host the content for the iframe. However, nginx got removed from Tutor.