Field service visualforce pages display a blank page or an error referencing CSP settings blocking content when the "Enable clickjack protection for customer Visualforce pages with headers disabled" is enabled

Дата публикации: Sep 11, 2023

Описание

As per the recommendations from the health check, it is required to enable the setting "Enable clickjack protection for customer Visualforce pages with headers disabled" under the session settings page and this might lead to blocking the content of field service visualforce pages.

Note:
Enable clickjack protection for customer Visualforce pages with headers disabled:
Protects against clickjack attacks on your Visualforce pages with headers disabled when setting showHeader="false" on the page.

Решение

To resolve this issue it is required to add 2 domains in the trusted domains section.

Please follow the below instructions,
- Login to the Salesforce org as a System Admin
- Go to Setup
- In the quick find, search for "Session Settings"
- Go to the "Trusted Domains" section
- Click on "Add Domain"

Domain = https://*.lightning.force.com
IFrame Type = Visualforce Pages

- Click "Save & New"
- Click on "Add Domain"

Domain = https://*.vf.force.com
IFrame Type = Visualforce Pages

- Click "Save"

Example attachment for reference,
ClickJackIssue (1).png

Номер статьи базы знаний

000394615

Эта статья решила вашу проблему?

Оставьте свой отзыв, чтобы мы могли стать лучше!

Field service visualforce pages display a blank page or an error referencing CSP settings blocking content when the "Enable clickjack protection for customer Visualforce pages with headers disabled" is enabled

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List