Alex Packard 5

Spring 21 CSP Problem

In Spring 21 it appears that attempting to load an iframe of a page from a managed package gets blocked by Content Security Policy.

Say you have a package whose namespace is "MyNS", which includes a Visualforce page named "Inner_Page". Now include that page via iframe in another Visualforce page, like so:
 
<apex:page >

    Iframe Test

    <iframe src="MyNS__Inner_Page"/>

</apex:page>

You will see the "Iframe Test" text loads successfully, but the iframe does not, and the following error will appear in the browser console:

https://my-org-domain--myns.cs41.visual.force.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".

This is going to break multiple pages in our application when it is released to production.

Has anyone else seen this?  Will it be fixed before Spring 21 is officially released?
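
Why the browser reports the error above, as an added example that is not part of the original post or Salesforce's own code: a simplified evaluator for `frame-ancestors`, in which `'self'` means the exact origin of the framed page, so a parent on a different subdomain fails. The parent host (`--c`), the `/apex/` paths and the last policy are assumptions; ports and paths in source expressions are ignored.

```javascript
// Added example: simplified CSP frame-ancestors check (ports and paths ignored).

// Return the frame-ancestors source list, or null if the directive is absent.
function parseFrameAncestors(cspHeader) {
  for (const directive of cspHeader.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Does one source expression allow this ancestor? `self` is the framed page's URL.
function sourceMatches(source, ancestor, self) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return ancestor.origin === self.origin; // scheme + host + port
  if (s === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return ancestor.protocol === s; // scheme-source
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (ancestor.protocol !== (scheme ? scheme + ':' : self.protocol)) return false;
  return wildcard ? ancestor.hostname.endsWith('.' + host) : ancestor.hostname === host;
}

// Every ancestor in the frame chain must match at least one source.
function framingAllowed(cspHeader, framedUrl, ancestorUrls) {
  const sources = parseFrameAncestors(cspHeader);
  if (sources === null) return true; // no CSP framing restriction
  const self = new URL(framedUrl);
  return ancestorUrls.every(a => sources.some(src => sourceMatches(src, new URL(a), self)));
}

// Constructed sample URLs: FRAMED uses the host from the console error;
// PARENT and the /apex/ paths are assumptions.
const FRAMED = 'https://my-org-domain--myns.cs41.visual.force.com/apex/MyNS__Inner_Page';
const PARENT = 'https://my-org-domain--c.cs41.visual.force.com/apex/Outer_Page';
const POLICY = "frame-ancestors 'self'";

console.log(framingAllowed(POLICY, FRAMED, [PARENT])); // cross-subdomain parent
console.log(framingAllowed(POLICY, FRAMED, [FRAMED])); // same-origin parent
// Hypothetical policy, only to show host-source matching:
console.log(framingAllowed("frame-ancestors 'self' https://*.visual.force.com", FRAMED, [PARENT]));
```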

 
Vinay (Salesforce Developers)
Hi Alex,

Looks like there is an existing KI for a similar issue. Can you try the workaround mentioned below?

https://trailblazer.salesforce.com/issues_view?id=a1p3A0000003UIfQAM

Thanks,
Alex Packard 5
Hi Vinay. Thanks for finding that, it does seem related. I think my issue is new, however, because the error doesn't occur in Winter 21, only in Spring 21.