You need to sign in to do that
Don't have an account?
gsmithfarmer
BUG: Custom ApexPage HTML generation causes a Cross Site Hijack Error -- no external sites referenced
On cs13 the source for an custom ApexPage is loaded from c.cs13.visual.force.com and wrapped in an IFRAME. If the controller for this page returns a PageReference to a standard SFDC page the page host is set to cs13.salesforce.com. Because the custom ApexPage is in an IFRAME and the next page is in a different doman a "...cannot be displayed in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'." hijacking type error and fails to load. Oddly enough, on our production instance the code generated for the ApexPage DOES NOT use an IFRAME.
On the cs13 sandbox, generated HTML code is:
<iframe frameBorder="0" id="contentPane" name="contentPane" onload="initContentFrame('https://c.cs13.visual.force.com/apex/Software_License_Validation?id=a085000000BovnNAAR&restrictTo=02i500000096LclAAE&type=auth&core.apexpages.devmode.url=1', true, false , 'https://cs13.salesforce.com' );" src="/blank.html" style="width: 100%; height: 100%" title="Content Pane"></iframe>
On production, their are no IFRAMEs in the generated HTML code.
On the cs13 sandbox, generated HTML code is:
<iframe frameBorder="0" id="contentPane" name="contentPane" onload="initContentFrame('https://c.cs13.visual.force.com/apex/Software_License_Validation?id=a085000000BovnNAAR&restrictTo=02i500000096LclAAE&type=auth&core.apexpages.devmode.url=1', true, false , 'https://cs13.salesforce.com' );" src="/blank.html" style="width: 100%; height: 100%" title="Content Pane"></iframe>
On production, their are no IFRAMEs in the generated HTML code.
Are you still facing this issues, if yes will you please provide the steps to reproduce this issue.
Please email me (pmunot@salesforce.com) details including: Sandbox & production Id, Grant login access for a week (https://help.salesforce.com/apex/HTViewSolution?id=000003910&language=en_US) and exact steps to reproduce the issue.
Thanks,
Pratik