function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Tobias HaggeTobias Hagge 

Clickjack protection for "non-setup customer Visualforce pages"

Hello.

I would like to include a VF page of an Account on a non-Salesforce website. Even though "Enable clickjack protection for non-setup customer Visualforce pages" isn't enabled it gives me the following error message:

Refused to display 'https://iwoca--c.eu1.visual.force.com/AccountID/m?isdtp=vw' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

<iframe height="600" width="500"  src="https://iwoca--c.eu1.visual.force.com/apex/VF_ECN_Account?id=AccountID">
  <p>Your browser does not support iframes.</p>
</iframe>

Any idea what to do?
dev_sfdc1dev_sfdc1
Hi Tobias Hagge,

Please refer below links..

http://salesforce.stackexchange.com/questions/12978/canvas-app-is-not-working-because-of-x-frame-option-in-response-header-of-exte

https://help.salesforce.com/HTViewSolution?id=000182205&language=en_US

tHANK yOU


Tobias HaggeTobias Hagge
Ah thank you. That means that Salesforce settings allow to display the VF page, but the website doesn't?! So I need the website to whitelist VF pages and it should work, right?
dev_sfdc1dev_sfdc1
Yes Probably you need to whitelist..Please check it once and let me know..