CODEWITHSUNDEEP
salesforcesalesforce-lightning
booky99
booky99

Reputation: 1456

Lightning embed iframe from another website

I'm trying to build a simple component to display a web page inside a Lightning component. This is my starting code.

<aura:component implements="force:appHostable">
    <iframe width="100%" height="350px" style="border: 1px solid" src="https://trailhead.salesforce.com/en/content/learn/trails/wave_analytics_apps" />
</aura:component>

Then I was going to embed this into a Lightning Component using iframe. Is there any way to make it work? I've checked ClickJack by disabling it. I've created records in Remote Site Settings, CORS, and CSP Trusted Sites. I still get this error.

enter image description here

Upvotes: 2

Views: 10789

Answers (2)

quyma viana
quyma viana

Reputation: 11

my friend. i have the same problem recently. So, I resolved temporary disabled the flags of chrome that implements the news features, the flags will be default only 84 version of chrome, but you can win this question quickly, do this:

1 - go to chrome://flags/ into url of chrome.

2 - disabled the flags below:

   - SameSite by default cookies = disabled
   - Enable removing SameSite=None cookies = disabled
   - Cookies without SameSite must be secure = disabled

3 - click on Relaunch.

For you resolved definitly in saleforce, you can ask to the own (page embeded), that implement in your cookie same values in cookie them:

 - On the cookie set values to:
    - secure = Yes
    - SameSite = NONE.

For me resolved good. But if you need get a event by iframe using component Aura, tell me here and i give and post more information.

Upvotes: 1

eyescream
eyescream

Reputation: 19622

It's not you, it's them. The hint is in "{target} refused to connect". I don't know what you did to your Chrome error console but the error should be in there.

Refused to frame 'https://trailhead.salesforce.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'none'".

https://en.wikipedia.org/wiki/Content_Security_Policy

that trailhead page doesn't allow to be embedded anywhere else, not even on pages from same subdomain. Your component will work fine if you use src="https://example.com". Generally you'd need to talk with the target website's owner to whitelist your SF (internal mydomain and/or community, depends what exactly you want to do with it)

enter image description here

Upvotes: 3

Related Questions