function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
gsmithfarmergsmithfarmer 

BUG: Custom ApexPage HTML generation causes a Cross Site Hijack Error -- no external sites referenced

On cs13 the source for an custom ApexPage is loaded from c.cs13.visual.force.com and wrapped in an IFRAME.  If the controller for this page returns a PageReference to a standard SFDC page the page host is set to cs13.salesforce.com. Because the custom ApexPage is in an IFRAME and the next page is in a different doman a "...cannot be displayed in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'." hijacking type error and fails to load.  Oddly enough, on our production instance the code generated for the ApexPage DOES NOT use an IFRAME.

On the cs13 sandbox, generated HTML code is:
<iframe frameBorder="0" id="contentPane" name="contentPane" onload="initContentFrame('https://c.cs13.visual.force.com/apex/Software_License_Validation?id=a085000000BovnNAAR&amp;restrictTo=02i500000096LclAAE&amp;type=auth&amp;core.apexpages.devmode.url=1', true, false , 'https://cs13.salesforce.com' );" src="/blank.html" style="width: 100%; height: 100%" title="Content Pane"></iframe>

On production, their are no IFRAMEs in the generated HTML code.
PratikPratik (Salesforce Developers) 
Hi,

Are you still facing this issues, if yes will you please provide the steps to reproduce this issue.

Please email me (pmunot@salesforce.com) details including: Sandbox & production Id, Grant login access for a week (https://help.salesforce.com/apex/HTViewSolution?id=000003910&language=en_US) and exact steps to reproduce the issue.

Thanks,
Pratik