Have you tried using the suggestions in this topic? Kibana iFrame CORS
Basically, use server.cors.origin: ['*'] instead of the boolean.
It's not clear what your code section in part 1 is in reference to. Are you trying to access Kibana's elements in the iframe in your own Javascript?