Embedding the CHILI Editor and communicating using JavaScript is a relatively trivial thing to set up.
But when the embedded editor is loaded from a different domain (or even sub-domain), there are security limitations to what the browsers will allow. This is due to same-origin policy, which blocks JavaScript between <iframe> and window unless the dom
There are three possibilities here:
...
In this case, there is no issue at all all, but this is not possible with CHILI publish Online without having a reverse proxy.
The portal and CHILI are hosted on the same main domain, but different sub-domains
...
See Reverse Proxy setup for IIS for WIndows webservers