+ Start a Discussion
Terence_ChiuTerence_Chiu 

CORS Issue with loading a Lightning App onto a Visualforce Page used with a Force.com Site

Hi All,

I ran into an issue in my production org that did not occur in sandboxes so wanted to see if anyone ran into this issue.

I have built a lightning app with lightning components and I am loading it onto a visualforce page using lightning out. The visualforce page is used within a Force.com site. When loading the page either via the vf page while logged into salesforce or from the public url of the site the following error is written to the brower's console log.

XMLHttpRequest cannot load https://XXXXX.lightning.force.com/c/XXXXXXXX.app?aura.format=JSON&aura.formatAdapter=LIGHTNING_OUT. Redirect from 'https://XXXXX.lightning.force.com/c/XXXXXX.app?aura.format=JSON&aura.formatAdapter=LIGHTNING_OUT' to 'https://XXXXXX.my.salesforce.com/visualforce/session?url=https%3A%2F%2FXXXXX.lightning.force.com%2Fc%2FXXXXXXXX.app%3Faura.format%3DJSON%26aura.formatAdapter%3DLIGHTNING_OUT' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://XXXXXXX.secure.force.com' is therefore not allowed access.

I've masked the domain names and app component names, however, I have added the urls referenced in the above message in the CORS whitelist settings. I did the same in the sandboxes and was able to load the page without any issue. Could there be something I could be missing?

Thanks in advance!