Sorry Adam none of my programmers can agree with your asscessment of this issue; nor will any of your proposed soltuions work for securing the entire chat thread and communicaiton. If that were the case any request from site A that received a input box from site B would receive a security waring; in which I have expalined we only receive it one time.
In either caase we could not isntall your application on site A "on our shopping cart" it will not meet the required PCI DSS compliance. And we would have to certify it; don't want to go through the expense.
If I have my programmers look at it and they provide a soltion would you be willing to compenstate us? We may be willing to trade for an applicaiton license. Just a thougth I would really like to solve this for us!
We did resolve the issue and it was rather a simple fix has mentioned before your were making calls in .js to external http server for audio play file to adobe.