Loading

Iframe or Web Tab content displays a blank page

Date de publication: Jun 26, 2023
Description

Clickjacking attacks, defenses like X-Frame-options, are rising in popularity and are preventing iframes from being a valid way to display content. Since using an iframe is no longer possible, well give you more information on what your options are. 

Résolution

Salesforce has also implemented its own defenses to "Clickjacking" attacks within the native UI. Due to this, the iFraming of Salesforce, or the iFraming of some external websites is no longer recommended. Modern browsers are forced to defend against this new kind of attack, where framing is used by malicious attackers to compromise a browser and potentially steal customer data. 


In response, many browsers have implemented a new HTTP header called "X-Frame-Options," and it's gaining in popularity. 
 

Here's the workaround to iframes

If you're encountering this problem, instead of using a web tab, a custom link can deliver the URL with the behavior set to:
  • Display in new window.
  • ​Display in existing window without sidebar or header.
 
Numéro d’article de la base de connaissances

000384802

 
Chargement
Salesforce Help | Article