Yogesh Kanaki

LWC Component iframe tag "frame-src"

I have used an iframe tag to display the PDF that is rendered from a Visualforce page, but I'm using the LWC component in a Community Portal, and because of that I'm getting an error for the iframe. Error = "Refused to frame '' because it violates the following Content Security Policy directive: "frame-src 'self' "  
I have added the site to the CSP Trusted Sites in the org, but it's not working.
 
Subrat (Salesforce Developers)
Hello Yogesh,

With the error it looks like you might be running into browser security limitations, as it is trying to access cross-domain for the iframe. Generally, browsers aren't a fan of this approach because of the risk of clickjacking attacks.

"Salesforce has also implemented its own defenses to "Clickjacking" attacks within the native UI. Due to this, the iFraming of Salesforce, or the iFraming of some external websites is no longer recommended. Modern browsers are forced to defend against this new kind of attack, where framing is used by malicious attackers to compromise a browser and potentially steal customer data."

Also, I found that the usage of Blob URLs is disallowed in iframes.

The frame-src directive disallows the blob: schema. This restriction prevents an attacker from injecting arbitrary content into an iframe in a clickjacking attempt. Use a regular link to a blob URL and open the content in a new tab or window instead of using an iframe.

Please refer to the following article for more details:
https://developer.salesforce.com/docs/atlas.en-us.230.0.lightning.meta/lightning/security_csp.htm

As the above article mentions, can you please use a regular link to a blob URL and open the content in a new tab or window instead of using an iframe?

If the above information helps, please mark this as Best Answer.
Thank you.
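
The behaviour discussed in this thread, as an added example that is not part of the original posts: a simplified JavaScript check of a URL against a frame-src source list, showing why 'self' alone refuses both a page on another origin and a blob: URL. The function names and the example.com / example.net origins are assumptions made for illustration.

```javascript
// Added example: simplified frame-src evaluation, not a full CSP Level 3 matcher.
// Ports and paths in host sources are ignored; all origins are constructed.

function parseFrameSrc(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-src') return sources;
  }
  return null; // browsers would fall back to child-src, then default-src
}

function hostMatches(pattern, host) {
  // "*.example.com" matches subdomains only; anything else must match exactly.
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern.toLowerCase() === host.toLowerCase();
}

function frameAllowed(policy, pageOrigin, frameUrl) {
  const sources = parseFrameSrc(policy);
  if (sources === null) return true; // no frame-src directive to enforce here
  const target = new URL(frameUrl);
  const page = new URL(pageOrigin);
  const isNetwork = target.protocol === 'http:' || target.protocol === 'https:';
  for (const src of sources) {
    if (src === "'none'") return false;
    if (src === "'self'") {
      // 'self' never matches blob: URLs, even ones created by the same page.
      if (isNetwork && target.origin === page.origin) return true;
    } else if (src === '*') {
      if (isNetwork) return true; // wildcard covers network schemes, not blob:
    } else if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) {
      if (target.protocol === src.toLowerCase()) return true; // scheme source
    } else {
      const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(src);
      if (!m || !isNetwork) continue;
      const scheme = m[1] ? m[1].toLowerCase() + ':' : page.protocol;
      if (target.protocol === scheme && hostMatches(m[2], target.hostname)) return true;
    }
  }
  return false;
}
```

Running frameAllowed with the policy string from the browser's error message and the URL the iframe actually requests shows whether the host being framed is the one that was added to the allowed sources.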