Apex Code Development You need to sign in to do that
Don't have an account?
Alex Packard 5 Spring 21 CSP Problem
Spring 21 CSP Problem
In Spring 21 it appears that attempting to load an iframe of a page from a managed package, it gets blocked by Content Security Policy.
Say you have a package whose namespace is "MyNS", which includes a visualforce page named "Inner_Page". Now include that page via iframe in another visualforce page, like so:
You will see the "Iframe Test" text loads successfully, but the iframe does not and there will be the following error will appear in the browser console:
https://my-org-domain--myns.cs41.visual.force.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
This is going to break multiple pages in our application when it is released to production.
Has anyone else seen this? Will it be fixed before Spring 21 is officially released?
In Spring 21 it appears that attempting to load an iframe of a page from a managed package, it gets blocked by Content Security Policy.
Say you have a package whose namespace is "MyNS", which includes a visualforce page named "Inner_Page". Now include that page via iframe in another visualforce page, like so:
<apex:page > Iframe Test <iframe src="MyNS__Inner_Page"/> </apex:page>
You will see the "Iframe Test" text loads successfully, but the iframe does not and there will be the following error will appear in the browser console:
https://my-org-domain--myns.cs41.visual.force.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
This is going to break multiple pages in our application when it is released to production.
Has anyone else seen this? Will it be fixed before Spring 21 is officially released?
Looks like there is an existing KI for similar issue, Can you try workaround mentioned below
https://trailblazer.salesforce.com/issues_view?id=a1p3A0000003UIfQAM
Thanks,