Vaibhav Shetti

Refused to frame test.abc.com because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://<mydomain>--<sandbox>.lightning.force.com".

Hi All,

I have a detailed page button to load a Visualforce page in a new window. I added this button to Lightning actions in the page layout. So when I visit the record details in Lightning and click on the button, it successfully loads the Visualforce page, and this page is in an iframe (with no src attribute) which Salesforce automatically adds. Let's call this the parent iframe. Further, the page has JavaScript code/a library loaded through a static resource, which in turn loads an external page in another iframe with a src link to, say, 'test.abc.com'. Let's call this the child iframe. I see "test.abc.com refused to connect" in the child iframe section. In the console I see: Refused to frame test.abc.com because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://<mydomain>--<sandbox>.lightning.force.com".

After reading through a few articles, I whitelisted the domain of the child iframe, 'https://test.abc.com', in Session Settings with:
Enable clickjack protection for customer Visualforce pages with standard headers - checked, and
Enable clickjack protection for customer Visualforce pages with headers disabled - unchecked.

I have also added 'https://test.abc.com' in Remote Site Settings. However, I still do not see the contents loading in the child iframe.

How can this be resolved?
Vinay (Salesforce Developers)
Hi Vaibhav,

Can you try adding the lowercase domain name to the whitelist on the "Session Settings" page in Setup?

A few references:

https://salesforce.stackexchange.com/questions/262697/content-security-policy-error-while-loading-apex-iframe
https://salesforce.stackexchange.com/questions/216272/content-security-policy-csp-of-lightningcontainer

Thanks,
Vinay Kumar
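
How a browser evaluates the `frame-ancestors` directive quoted in the error against a nested frame chain, as an added example that is not part of the original thread: every ancestor of the framed document must match a listed source, not only the top-level page. The origins `https://example--sbx.lightning.force.com` and `https://vf-page.example` (an assumed Visualforce page origin that differs from the Lightning one) and all function names are constructed, and the matcher is a simplified model.

```javascript
// Simplified model of the browser's frame-ancestors check for nested frames.
// Not modelled: scheme-less host sources and path components.
function parseFrameAncestors(cspHeader) {
  for (const directive of cspHeader.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null; // directive absent: CSP places no restriction on framing
}

function sourceMatches(source, ancestor, framed) {
  if (source === '*') return true;
  if (source.toLowerCase() === "'self'") return ancestor.origin === framed.origin;
  const wildcard = /^[a-z][a-z0-9+.-]*:\/\/\*\./i.test(source);
  let src;
  try {
    src = new URL(source.replace('://*.', '://')); // URL parsing lowercases scheme and host
  } catch {
    return false; // 'none' and unparseable sources match nothing
  }
  if (src.protocol !== ancestor.protocol || src.port !== ancestor.port) return false;
  return wildcard
    ? ancestor.hostname.endsWith('.' + src.hostname)
    : ancestor.hostname === src.hostname;
}

// ancestorOrigins: nearest parent first, top-level page last.
function checkFraming(cspHeader, framedUrl, ancestorOrigins) {
  const sources = parseFrameAncestors(cspHeader);
  if (sources === null) return { allowed: true, blockedBy: null };
  const framed = new URL(framedUrl);
  for (const origin of ancestorOrigins) {
    const ancestor = new URL(origin);
    // Every ancestor must match at least one source, not just the top-level page.
    if (!sources.some((s) => sourceMatches(s, ancestor, framed))) {
      return { allowed: false, blockedBy: ancestor.origin };
    }
  }
  return { allowed: true, blockedBy: null };
}

// Constructed sample values (stand-ins; the page elides the real domain).
const LIGHTNING = 'https://example--sbx.lightning.force.com';
const VF_PAGE = 'https://vf-page.example'; // assumed Visualforce page origin
const FRAMED = 'https://test.abc.com/';
const chain = [VF_PAGE, LIGHTNING];
console.log(checkFraming(`frame-ancestors ${LIGHTNING}`, FRAMED, chain));
console.log(checkFraming(`frame-ancestors ${LIGHTNING} ${VF_PAGE}`, FRAMED, chain));
```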