diff --git a/LayoutTests/imported/w3c/web-platform-tests/badging/setAppBadge_cross_origin.sub.https-expected.txt b/LayoutTests/imported/w3c/web-platform-tests/badging/setAppBadge_cross_origin.sub.https-expected.txt
index d7771c92ba35d..a50c41fa72e08 100644
--- a/LayoutTests/imported/w3c/web-platform-tests/badging/setAppBadge_cross_origin.sub.https-expected.txt
+++ b/LayoutTests/imported/w3c/web-platform-tests/badging/setAppBadge_cross_origin.sub.https-expected.txt
@@ -1,6 +1,6 @@
 
 
 PASS Test that navigator.setAppBadge is available
-FAIL Test that calling setAppBadge in a cross-origin iframe throws a SecurityError assert_equals: setAppBadge should have rejected with an error expected "error" but got "success"
+PASS Test that calling setAppBadge in a cross-origin iframe throws a SecurityError
 PASS Test that calling setAppBadge in a same-origin iframe succeeds
 
diff --git a/Source/WebCore/page/Navigator.cpp b/Source/WebCore/page/Navigator.cpp
index ff982d4e5af8d..08d883949da0e 100644
--- a/Source/WebCore/page/Navigator.cpp
+++ b/Source/WebCore/page/Navigator.cpp
@@ -403,10 +403,16 @@ void Navigator::setAppBadge(std::optional<unsigned long long> badge, Ref<Deferre
         return;
     }
 
-    auto* document = frame->document();
-    if (document && !document->isFullyActive()) {
-        promise->reject(InvalidStateError);
-        return;
+    if (auto* document = frame->document()) {
+        if (!document->isFullyActive()) {
+            promise->reject(InvalidStateError);
+            return;
+        }
+
+        if (!frame->isMainFrame() && !document->topOrigin().isSameOriginDomain(document->securityOrigin())) {
+            promise->reject(SecurityError);
+            return;
+        }
     }
 
     page->badgeClient().setAppBadge(page, SecurityOriginData::fromFrame(frame), badge);