All dynamic content is sourced from https using JSONP, so you will (should) never have any cross origin related issued.
Integrating your app as content (div) is the prefered way as it gives you full control over its behavior and you can interact with it easily. On the other side, if your app uses libraries and styles that are not supported by your web page, integrating the app as content will probably fail or screw-up your site.
iFrames have issues on their own. They will of course never screw up your page as they are totally independant views of the app. If your app is dynamic in the sense that it changes it's height, iFrames will be an issue as they do not adapt the height. For example, if your app is a datatable in which the user can change the number of visible rows, hence the height of the app, iFrames will not behave as expected.
So choose the integration method which best suites your environment and your app.