function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Hariharan RaviHariharan Ravi 

lightning component iframe only allowed embedded link.. How i access normal website url like google.com

lightning component iframe only allowed embedded link.. How i access normal website url like google.com?
Best Answer chosen by Hariharan Ravi
Zuinglio Lopes Ribeiro JúniorZuinglio Lopes Ribeiro Júnior
Hello Hariharan,

That's is not up to Salesforce to decide. That kind of restriction is imposed by the site you're requesting when they enforce some parameters in the response header.

Here is an article explaining this:
https://help.salesforce.com/articleView?id=000182205&type=1

So let say you have a component like this:
<aura:component implements="force:appHostable,flexipage:availableForAllPageTypes,flexipage:availableForRecordHome,force:hasRecordId,forceCommunity:availableForAllPageTypes,force:lightningQuickAction" access="global" >
    <iframe src="https://google.com/"
            width="100%"
            height="500px"
            sandbox="allow-same-origin allow-scripts allow-forms"
            scrolling="auto"/>
</aura:component>

You won't be able to see google page and that's because in their header they enforce that:

User-added image

Using SAMEORIGIN it's enforcing that you cannot display Google website if the domain does not match. In this case Salesforce domain and Google are distinct.

But if you try with another website that does not enforce that restriction, you will be able to see it:
 
<aura:component implements="force:appHostable,flexipage:availableForAllPageTypes,flexipage:availableForRecordHome,force:hasRecordId,forceCommunity:availableForAllPageTypes,force:lightningQuickAction" access="global" >
    <iframe src="https://www.uol.com.br/"
            width="100%"
            height="500px"
            sandbox="allow-same-origin allow-scripts allow-forms"
            scrolling="auto"/>
</aura:component>

Hope to have helped!

Regards.

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

All Answers

Zuinglio Lopes Ribeiro JúniorZuinglio Lopes Ribeiro Júnior
Hello Hariharan,

That's is not up to Salesforce to decide. That kind of restriction is imposed by the site you're requesting when they enforce some parameters in the response header.

Here is an article explaining this:
https://help.salesforce.com/articleView?id=000182205&type=1

So let say you have a component like this:
<aura:component implements="force:appHostable,flexipage:availableForAllPageTypes,flexipage:availableForRecordHome,force:hasRecordId,forceCommunity:availableForAllPageTypes,force:lightningQuickAction" access="global" >
    <iframe src="https://google.com/"
            width="100%"
            height="500px"
            sandbox="allow-same-origin allow-scripts allow-forms"
            scrolling="auto"/>
</aura:component>

You won't be able to see google page and that's because in their header they enforce that:

User-added image

Using SAMEORIGIN it's enforcing that you cannot display Google website if the domain does not match. In this case Salesforce domain and Google are distinct.

But if you try with another website that does not enforce that restriction, you will be able to see it:
 
<aura:component implements="force:appHostable,flexipage:availableForAllPageTypes,flexipage:availableForRecordHome,force:hasRecordId,forceCommunity:availableForAllPageTypes,force:lightningQuickAction" access="global" >
    <iframe src="https://www.uol.com.br/"
            width="100%"
            height="500px"
            sandbox="allow-same-origin allow-scripts allow-forms"
            scrolling="auto"/>
</aura:component>

Hope to have helped!

Regards.

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
This was selected as the best answer
Hariharan RaviHariharan Ravi
Hi Zuinglio, 
Thank you for your quick response. Problem SOLVED

Thanks & Regards,
Hariharan Ravi