[SalesForce] Problem with iframe for visualforce page in Lightning Component

I am embedding a Visualforce page from a managed package into a Lightning Component using an iFrame. This is throwing an XSS error when a community user attempts to access the page.

I have replaced the actual domain name with clientdomain for customer confidentiality.

Refused to display 'https://clientdomain–flex.cs82.my.salesforce.com/?ec=302&startURL=%2Fvisual…land–flex–b25.cs82.visual.force.com%252Fapex%252Fb25__lightning_calendar' in a frame because it set 'X-Frame-Options' to 'DENY'.

In the Lightning component I have got the URL hardcoded as


The community users are logging into a site with the domain as


If I can replace the hardcoding of the domain in the Lightning component I suspect this may fix the problem as the user is not authenticated to SF on that domain, but when I have tried using a string like




It throws an error with Invalid page where the component is embedded in a community page.

Best Answer

I was looking for the answer to this as well and i found this. For your code you would have to do

<iframe src="../apex/lightning_calendar" ></iframe>

instead of

<iframe src="/apex/lightning_calendar" ></iframe>

it is an odd work around