Field service visualforce pages display a blank page or an error referencing CSP settings blocking content when the "Enable clickjack protection for customer Visualforce pages with headers disabled" is enabled

게시 일자: Sep 11, 2023

상세 설명

As per the recommendations from the health check, it is required to enable the setting "Enable clickjack protection for customer Visualforce pages with headers disabled" under the session settings page and this might lead to blocking the content of field service visualforce pages.

Note:
Enable clickjack protection for customer Visualforce pages with headers disabled:
Protects against clickjack attacks on your Visualforce pages with headers disabled when setting showHeader="false" on the page.

솔루션

To resolve this issue it is required to add 2 domains in the trusted domains section.

Please follow the below instructions,
- Login to the Salesforce org as a System Admin
- Go to Setup
- In the quick find, search for "Session Settings"
- Go to the "Trusted Domains" section
- Click on "Add Domain"

Domain = https://*.lightning.force.com
IFrame Type = Visualforce Pages

- Click "Save & New"
- Click on "Add Domain"

Domain = https://*.vf.force.com
IFrame Type = Visualforce Pages

- Click "Save"

Example attachment for reference,
ClickJackIssue (1).png

Knowledge 기사 번호

000394615

이 기사를 통해 문제를 해결했습니까?

개선을 위한 의견을 보내주세요.

Field service visualforce pages display a blank page or an error referencing CSP settings blocking content when the "Enable clickjack protection for customer Visualforce pages with headers disabled" is enabled

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List