The issue is likely caused by the browser's same-origin policy in combination with iframe sandbox restrictions.
While it may appear to be a cross-origin issue, the actual culprit is often the sandbox attribute.
The HTML iframe tag can have a sandbox attribute for security purposes.
It's possible that itch.io embeds uploaded content in a sandboxed iframe hosted on their own servers.
When the sandbox attribute is present, it restricts JavaScript interactions between parent and child frames, form submissions, popups, and same-origin access.
If allow-same-origin is not specified, the iframe content is treated as coming from a completely different origin.
As a result, once an iframe is sandboxed, it is treated as cross-origin, and this leads to a “Permission Denied” error.
Therefore, I recommend reviewing how you're handling iframes or considering alternatives that don't rely on using iframes.