Hello 👋,
Let me look into this further. I’m not sure off the top of my head.
Thanks,
Alex, Box Developer Advocate 🥑
Can you try turning off clickjack protection and seeing if that works?
This may work and a few other settings within session settings. I’d recommend trying in a sandbox first.
Yes turning off clickjack protection works, however I prefer not to turn this off.
Support are suggesting adding Trusted Domain in Sessions Settings and also Trust Domains (CSP)
I’ve added this and still see the error
The domain the managed package is trying to reach is this:
https://mydomain--mysandbox--box.sandbox.vf.force.com/
Worth noting, my org domain is this
https://mydomain--mysandbox.sandbox.vf.force.com
The Box target includes “–box” in the domain
Worked but would prefer not to turn off, see other response - thanks
Following the workaround here Help And Training Community and possibly following Help And Training Community
Should fix the issue without disabling clickjack.