Problem with iframe for visualforce page in Lightning Component

I am embedding a Visualforce page from a managed package into a Lightning Component using an iFrame. This is throwing an XSS error when a community user attempts to access the page.

I have replaced the actual domain name with clientdomain for customer confidentiality.

Refused to display ‘https://clientdomain–…land–flex–’ in a frame because it set ‘X-Frame-Options’ to ‘DENY’.

In the Lightning component I have got the URL hardcoded as"

The community users are logging into a site with the domain as

If I can replace the hardcoding of the domain in the Lightning component I suspect this may fix the problem as the user is not authenticated to SF on that domain, but when I have tried using a string like




It throws an error with Invalid page where the component is embedded in a community page.


I was looking for the answer to this as well and i found this. For your code you would have to do

<iframe src="../apex/lightning_calendar" ></iframe>

instead of

<iframe src="/apex/lightning_calendar" ></iframe>

it is an odd work around

Source : Link , Question Author : Dave Humm , Answer Author : josh

Leave a Comment