I think this may be a Firefox issue. I have QIIME 2 View... (with the actual src based on URL parameter on the host site) embedded in an iframe on a site I maintain. On Firefox, I get the console log message "Failed to register/update a ServiceWorker for scope ‘https://view.qiime2.org/’: Storage access is restricted in this context due to user settings or private browsing mode." and "Uncaught (in promise) DOMException: The operation is insecure." I see the error message "SecurityError: The operation is insecure." on the page. I checked settings and "Delete cookies and site data when Firefox is closed" is not checked.
The site itself is https, so it should not be insecure. I'm not in private browsing mode. This works on Chrome. It used to work on older versions of Firefox. I'm not sure if there's an iframe setting I need to use to make this work or if there was a bug referring to this change in Firefox's bug tracker. The direct link (not embedded) works without error messages.