Updated 15 April 2020: Fix the message forwarder to properly clone objects before they are passed to postMessage Here I am, back with <iframe> and cross-domain tracking. I've published a couple of articles before on the topic, with my upgraded solution being the most recent one. These articles tackle the general problem of passing the Client ID from the parent to the <iframe>. By doing so, the <iframe> can take the Client ID from the frame URL and create the _ga cookie in the <iframe>, allowing hits from the parent and the <iframe> to use the same Client ID.
Some years ago, I wrote a post on how to track cross-domain iframes when using Google Tag Manager and Google Analytics. That solution relied on hitCallback to decorate the iframe, and now that I look back on it, it has its shortcomings. For one, the older solution used hitCallback which, while being reliable in that Google Analytics has definitely loaded with the linker plugin when the method is called, doesn't take into account the possible race condition of the script running before the iframe has been loaded.
NOTE! This solution has been upgraded, and the new approach can be found here. If you're unfamiliar with the lingo, cross-domain tracking is a hack used by Google Analytics to circumvent the web browser's same-origin policy. Essentially, the policy dictates that browser cookies can only be shared with a parent domain and all its sub-domains. In other words, domainA.com and domainB.com do not share cookies. Since Google Analytics calculates sessions and users by using a cookie, this is problematic.