As the title says, a non-enrolled site might load from an iframe an enrolled site. The hooks of the sub_frame were injected in the main_frame, breaking it. Even if that was not the case, there would be a mismatch with WASM auth.
c748097 is a temporary fix but we should test more cases
