The latest version of 8thframe, 1.5.0, currently uses an old webvr-polyfill,
which appears to be attempting to communicate with an unmanaged domain (dpdb[.]webvr[.]rocks) when used on an iPhone.
Currently, this is accidentally blocked by CORS restrictions, etc., and is ultimately harmless, but it is dangerous, so please correct the communication destination as soon as possible.
check: webvr-polyfill default DPDB json domain is expired ยท Issue #5538 ยท aframevr/aframe ยท GitHub