Field Service Visualforce Pages Show a Blank Page or CSP Error When the "Enable Clickjack Protection for Customer Visualforce Pages with Headers Disabled" Setting Is Enabled

Root Cause

Field Service Visualforce pages use iframes that load content from the Salesforce Lightning domain (.lightning.force.com) and the Visualforce domain (.vf.force.com). When clickjack protection is enabled without these domains being trusted, the browser blocks the iframe content, resulting in a blank page or CSP error.

Steps to Resolve

To resolve this issue, add two domains to the Trusted Domains section in Salesforce Session Settings:

1. Log in to the Salesforce org as a System Administrator.
2. Go to Setup.
3. In the Quick Find box, search for Session Settings.
4. Scroll to the Trusted Domains section.
5. Click Add Domain.
   1. Domain: https://*.lightning.force.com
   2. IFrame Type: Visualforce Pages
6. Click Save & New.
7. Click Add Domain.
   1. Domain: https://*.vf.force.com
   2. IFrame Type: Visualforce Pages
8. Click Save.

After adding both domains, Field Service Visualforce pages load correctly without blank page or CSP errors, even with clickjack protection enabled. The screenshot below shows an example of a correctly configured Trusted Domains setup.