• logan-trailblazer
  • 0 Points
  • Member since 2017

  • Chatter
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 1
  • 0
I have an external website (non-Salesforce domain) where one of its page is exposing a Salesforce LEX public community page via iframe.

The community's setting "Clickjack Protection Level" is set to "Allow framing by any page", so the iframe response header "X-FRAME-OPTIONS" is set to "ALLOWALL".

The Salesforce public community page has an aura component that triggers a Salesforce flow.

This works fine in IE, but in Chrome because of the recent security change (SameSite by default cookies) it seems that cookie access (set or read) is disabled.

The iframe tag is ommiting the sandox attribute and in chrome after loading it throws the technical error:

"Please enable cookies in your browser to display this site."

The Salesforce standard cookie check is failing:

document.cookie = "cookieTest=x";
var cookieEnabled = document.cookie.indexOf("cookieTest=") != -1; document.cookie = "cookieTest=x; expires=Thu, 01-Jan-1970 00:00:01 GMT;";
if (!cookieEnabled) {
........ display error message to user
Has anyone faced the same issue or would know how to avoid this error message in chrome without changing the browser settings?

PS: I don't need any cross-origin cookie from the external website (exposing the community page via iframe)
Additionally, iframe would not be my first option but is an approach that was already agreed before I got involved and before changing approach I will have to discuss with the other party involved.

Thank you in advance