Apex Code Development You need to sign in to do that
Don't have an account?
James Buckelew iframe in VF page getting "x-frame-options set to deny" for other users except me
I have a flow that is invoked by a button on the opportunity. It's an on screen flow that will display a dropdown with two options. One of those options, if chosen, will display an iframe (calendly) in an aura component that calls a visualforce page.
I have no issues access this and viewing the widget in an iframe, however other users cannot see it. It displays the sad face png.I've been searching on this for a few hours and have tried a few different things, and no luck. I will add code here.
.cmp
VF Page
I have unchecked both clickjack options. I have added as many pages as I can think to the trusted page source list. I can access this no problem, but other users cannot. If I login as other users, I can access the iframe. They have access to the VF page.
I have no issues access this and viewing the widget in an iframe, however other users cannot see it. It displays the sad face png.I've been searching on this for a few hours and have tried a few different things, and no luck. I will add code here.
.cmp
<aura:component implements="forceCommunity:availableForAllPageTypes,lightning:availableForFlowScreens" access="global">
<aura:attribute name="firstName" type="String"/>
<aura:attribute name="lastName" type="String"/>
<aura:attribute name="decodedEmail" type="String"/>
<aura:attribute name="recordId" type="String"/>
<aura:attribute name="cDomain" type="String" default="https://nameddomain--c.visualforce.com"/>
<iframe src="{!v.cDomain + '/apex/Calendly?recordId=' + v.recordId + '%3DfirstName=' + v.firstName + '%3DlastName=' + v.lastName + '%3Demail=' + v.decodedEmail}" width="100%" height="500px;" frameBorder="0"/>
</aura:component>
.design
<design:component>
<design:attribute name="firstName" label="First Name"/>
<design:attribute name="lastName" label="Last Name"/>
<design:attribute name="decodedEmail" label="Email"/>
<design:attribute name="recordId" label="Record Id"/>
</design:component>
VF Page
<apex:page showHeader="false" standardStylesheets="false" sidebar="false" applyHtmlTag="false" applyBodyTag="false" docType="html-5.0">
<!-- Calendly inline widget begin -->
<div class="calendly-inline-widget" style="min-width:320px;height:550px;"></div>
<script type="text/javascript" src="https://assets.calendly.com/assets/external/widget.js"></script>
<!-- Calendly inline widget end -->
<script>
const calendlyHandle = "https://calendly.com/onboarding/?sfid={!$CurrentPage.parameters.recordId}&first_name={!$CurrentPage.parameters.firstName}&last_name={!$CurrentPage.parameters.lastName}&email={!$CurrentPage.parameters.email}";
const calendlyContainer = document.getElementByClassName("calendly-invite-widget");
calendlyContainer.setAttribute("data-url", calendlyHandle );
</script>
</apex:page>
I have unchecked both clickjack options. I have added as many pages as I can think to the trusted page source list. I can access this no problem, but other users cannot. If I login as other users, I can access the iframe. They have access to the VF page.
> Please ensure that the visualforce page was accessible to the user's profile
> Add the visualforce page to the Community's page (Setup --> Communities --> MyCommunity --> Workspace --> Administration --> Pages --> force.com site --> Site Visualforce Pages)
> Change the iframe URL to /MyCommunity/apex/PageName
https://salesforce.stackexchange.com/questions/224145/iframed-vf-page-fails-in-lightning-component-in-community-page
Hope this helps...
Thanks,
<aura:component implements="flexipage:availableForAllPageTypes" access="global"> <aura:attribute name="firstName" type="String" access="global"/> <aura:attribute name="lastName" type="String" access="global"/> <aura:attribute name="decodedEmail" type="String" access="global"/> <aura:attribute name="recordId" type="String" access="global"/>