
Visualforce page not displaying in iframe: Content Security Policy

Open bdbrowder opened this issue 5 years ago • 11 comments

When I try to access the softphone in the utility bar, nothing is displayed, and I see the following error in the Chrome console:

Refused to display 'https://<my-domain>--c.visualforce.com/apex/demoAdapterPage?mode=Lightning&ltn_app_id=06m8A0000004TQ1QAM&isdtp=vw&sfdcIframeOrigin=https%3A%2F%2F<my-domain>.lightning.force.com&clc=1&nonce=92329b81206599f990c3f56ada406d7530a9301e26d562e33447f8f08a2a07b9' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://<my-domain>.my.salesforce.com".

bdbrowder avatar Nov 17 '19 20:11 bdbrowder

Preview your Visualforce page (from Setup -> Pages) and paste the full, absolute URL in the Adapter URL in the Call Center Settings, instead of the relative URL '/apex/demoAdapterPage'.

dlouvton avatar Nov 17 '19 20:11 dlouvton

After making the change I get the same error. Presumably this is because the domain of the Visualforce page that is being displayed in an iframe (https://my-domain--c.visualforce.com/apex/demoAdapterPage) is not the same as that of the requesting page (https://my-domain.my.salesforce.com).

bdbrowder avatar Nov 17 '19 21:11 bdbrowder

Can you try the full URL with 'my', i.e. https://mydomain.my.salesforce.com/apex/demoAdapterPage ?

dlouvton avatar Nov 17 '19 21:11 dlouvton

I have tried the following URLs in the call center settings:

  • /apex/demoAdapterPage
  • https://mydomain--c.visualforce.com/apex/demoAdapterPage
  • https://mydomain.my.salesforce.com/apex/demoAdapterPage

All result in the same error, because the page being displayed in the iframe is always https://mydomain--c.visualforce.com/apex/demoAdapterPage?... and the requesting page is always https://mydomain.my.salesforce.com

bdbrowder avatar Nov 17 '19 21:11 bdbrowder

I don't know if it's relevant, but I deployed the demo adapter using sfdx to a Health Cloud org.

bdbrowder avatar Nov 19 '19 01:11 bdbrowder

Regardless of the URL in the Call Center settings I see 3 requests for demoAdapterPage. The first is for

https://mydomain.lightning.force.com/apex/demoAdapterPage?...

This request returns a 302 that redirects to

https://mydomain.my.salesforce.com/apex/demoAdapterPage?...

This request also returns a 302, this time redirecting to

https://mydomain--c.visualforce.com/apex/demoAdapterPage?

bdbrowder avatar Nov 19 '19 16:11 bdbrowder

Given that I am also redirected to the visualforce.com domain when I enter https://mydomain.my.salesforce.com/apex/demoAdapterPage into the browser, this seems to be standard behavior. Assuming this is true, is it possible to use a visualforce page to create a custom adapter?

bdbrowder avatar Nov 21 '19 19:11 bdbrowder

The fix is to turn off clickjack protection. Go to Session Settings and turn off the 2 clickjack protection settings.

tjjingshen avatar Nov 22 '19 11:11 tjjingshen

Thank you. The missing step was to go to Setup > Security > Session Settings and add the following as Whitelisted Domains:

  • mydomain.my.salesforce.com
  • mydomain.lightning.force.com

bdbrowder avatar Nov 22 '19 16:11 bdbrowder
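
Added example (not from the thread or the demo adapter project): a simplified `frame-ancestors` check in JavaScript that reproduces why the Lightning ancestor in the reported console error is refused. The function names, the `mydomain` placeholder hosts and the assumption that whitelisted domains end up in the directive are illustrative.

```javascript
// Added example: simplified CSP frame-ancestors matching (scheme, host, port only).
const DEFAULT_PORTS = { "https:": "443", "http:": "80" };

// Return the source list of the frame-ancestors directive, or null if absent.
function parseFrameAncestors(policy) {
  for (const directive of policy.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// Does one source expression allow this ancestor origin?
// Simplifications: "*" matches everything; a host without a scheme accepts any scheme.
function sourceMatches(source, ancestor, self) {
  const a = new URL(ancestor);
  if (source === "'none'") return false;
  if (source === "'self'") return a.origin === new URL(self).origin;
  if (source === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return a.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/i.exec(source);
  if (!m) return false;
  const [, scheme, host, port] = m;
  if (scheme && scheme.toLowerCase() + ":" !== a.protocol) return false;
  const h = host.toLowerCase();
  const hostOk = h.startsWith("*.") ? a.hostname.endsWith(h.slice(1)) : a.hostname === h;
  const ancestorPort = a.port || DEFAULT_PORTS[a.protocol];
  const portOk = port === "*" || (port || DEFAULT_PORTS[a.protocol]) === ancestorPort;
  return hostOk && portOk;
}

// Every ancestor in the frame chain must match at least one source.
function framingAllowed(policy, ancestors, self) {
  const sources = parseFrameAncestors(policy);
  if (sources === null) return true; // no directive, so CSP does not restrict framing
  return ancestors.every((anc) => sources.some((s) => sourceMatches(s, anc, self)));
}

// Constructed sample values, using the thread's "mydomain" placeholder.
const framedPage = "https://mydomain--c.visualforce.com";
const lightningTop = "https://mydomain.lightning.force.com";
const reported = "frame-ancestors 'self' https://mydomain.my.salesforce.com";
// Assumption: whitelisting the domains adds them to the directive the page is served with.
const afterFix = reported + " https://mydomain.lightning.force.com";

console.log("reported policy:", framingAllowed(reported, [lightningTop], framedPage));
console.log("after whitelisting:", framingAllowed(afterFix, [lightningTop], framedPage));
```

Because every ancestor must match, an allowed parent nested inside a disallowed top-level page is still refused.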

I am getting the same error on one of my Visualforce pages and could not resolve it by adding these.

Ishitaver avatar Jul 09 '21 10:07 Ishitaver

I was able to fix this by changing the call center setting "CTI Adapter URL2" from https://myinstance.vf.force.com/apex/demoAdapterPage2 to https://myinstance.vf.force.com/apex/demoAdapterPage. Just removing the 2 fixed it, and I also added the above domains to "Trusted Domains" as explained above.

Tom331 avatar Aug 11 '22 19:08 Tom331