You need to sign in to do that
Don't have an account?
Critical Update: Enable clickjack protection
I am reviewing a Critical Update. Here is the Update Summary:
This update enables clickjack protection for all non-setup Salesforce pages. If you use <iframe> elements to frame pages from a non-Salesforce domain, this update will impact your organization.
We DO have VisualForce pages which <iframe> pages from our homegrown applications. So I was reluctant to ACTIVATE this Update. Instead, I figured I'd try to Activate it in our sandbox just to see what would happen to our <iframe>s. Much to my surprise, nothing happened. Our iframes continued to load with no problem.
Can anybody explain why Salesforce says, "this update will impact your organization" and yet my organization is not impacted? Do I have to wait a day or two the the Update to take effect? Are there exceptions to the rule? Does it maybe work on some browsers but not others?
This is a very poorly explained Critical Update considering it could potentially disable my entire production Org if I overlooked something.
Thanks,
Mike
Hello,
There are few specific cases where error occurs. Please refer following links:
https://help.salesforce.com/apex/HTViewSolution?urlname=VisualForce-components-in-Page-Layouts-causing-URL-No-Longer-Exists-error&language=en_US
https://success.salesforce.com/issues_view?id=a1p30000000T0tCAAS
It's the other direction that is being affected by this change, and it's specifically for pages that are built into the Salesforce platform and not customer-created or package-installed Visualforce pages. If your homegrown applications frame a Visualforce page, then that should be fine as long as the "Enable clickjack protection for non-setup customer Visualforce pages" session setting is off. The "Enable clickjack protection for non-setup Salesforce pages" preference does not affect the framing of Visualforce pages in either direction, though there is a known issue where a Visualforce page rendered when an unhandled exception in the Apex controller occurs may look at the "Enable clickjack protection for non-setup Salesforce pages" session setting instead of the "Enable clickjack protection for non-setup customer Visualforce pages" session setting. In your use case, where a Visualforce page is framing homegrown applications, that issue won't apply as it's the framabilities of the Salesforce.com-served pages that are affected by these session settings.