Skip to main content

When trying to add Salesforce UI Elements into Lightning Page or Flow - I am seeing this error when opening page or running the flow



Refused to frame 'https://mydomain--mysandbox-box.sandbox.vf.force.com/' because an ancestor violates the following Content Security Policy directives: "frame-ancestor 'self'"



Additional Info: https://developer.box.com/guides/tooling/salesforce-toolkit/ui-elements/

Hello 👋,



Let me look into this further. I’m not sure off the top of my head.



Thanks,


Alex, Box Developer Advocate 🥑


Can you try turning off clickjack protection and seeing if that works?


This may work and a few other settings within session settings. I’d recommend trying in a sandbox first.


Yes turning off clickjack protection works, however I prefer not to turn this off.



Support are suggesting adding Trusted Domain in Sessions Settings and also Trust Domains (CSP)



I’ve added this and still see the error



The domain the managed package is trying to reach is this:



https://mydomain--mysandbox--box.sandbox.vf.force.com/



Worth noting, my org domain is this



https://mydomain--mysandbox.sandbox.vf.force.com



The Box target includes “–box” in the domain


Worked but would prefer not to turn off, see other response - thanks


Following the workaround here Help And Training Community and possibly following Help And Training Community


Should fix the issue without disabling clickjack.


Reply