[SalesForce] Salesforce summer 16 – page not loading in iframe

We have a Salesforce AppExchange listed application. In this we are opening certain application pages in an iframe. It was working fine in Lightning till Spring '16. We were testing our app in the new Summer '16 org as the release is around the corner and we found none of our pages are opening in an iframe when Lightning is turned ON. It's working in the Classic mode though.

We found that the error we got in the browser console was about a Content Security Policy (CSP) directive: frame-ancestors 'self'.

To test this I created 2 example pages to check what happens if I hardcode the page URL and try to open it in an iframe.

When I try to open Page 1 I get an error: "Refused to display 'https://cs3.lightning.force.com/one/one.app#/apex/TestFrameInternal' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'"."

Now I am confused about this content security policy, as it allows iframing but only when the frame ancestor is 'self'. I need to understand whether I have understood this content security policy correctly, and whether I will be able to open Visualforce pages in an iframe in the Lightning UI in Summer '16 or not.

First Page
Second Page

Best Answer

I just went through some docs and I want to share that:

1. Reason of error: See these links:

It says:

Description: Clickjacking attacks, and defenses like X-Frame-Options, which are rising in popularity, are preventing iframes from being a valid way to display content. Since using an iframe is no longer possible, we'll give you more information on what your options are.

Resolution: Salesforce has also implemented its own defenses to "Clickjacking" attacks within the native UI. Due to this, the iFraming of Salesforce, or the iFraming of some external websites may no longer be possible. Modern browsers are forced to defend against this new kind of attack, where framing is used by malicious attackers to compromise a browser and potentially steal customer data.

Workaround: If you're encountering this problem, instead of using a web tab, a custom link can deliver the URL with the behavior set to:

Display in new window.
Display in existing window without sidebar or header.

I haven't tested this issue myself. Probably I will give it a try and will come up with something better. Let me know if you get these points.
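To make the 'self' rule in the error message concrete, here is an added example (written for this page, not code from the question, the answer, or Salesforce): a small evaluator that applies a CSP frame-ancestors directive the way a browser does when deciding whether a document may be embedded by a given parent frame. The header values and origins used are constructed for illustration.

```javascript
// Added example: evaluate a CSP frame-ancestors directive against the
// origin of the embedding (ancestor) page. Header strings and origins in
// the tests are constructed, not taken from a real Salesforce response.

// Parse a CSP header value into { directiveName: [source, ...] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Does one frame-ancestors source expression match the ancestor origin?
// pageOrigin is the origin of the framed document itself (used for 'self').
function sourceMatches(source, ancestorOrigin, pageOrigin) {
  const src = source.toLowerCase();
  if (src === "'none'") return false;
  if (src === "'self'") return ancestorOrigin === pageOrigin;
  if (src === '*') return true;
  const ancestor = new URL(ancestorOrigin);
  // Scheme-only source such as "https:"
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return ancestor.protocol === src;
  // Host source: optional scheme, optional "*." wildcard, optional port
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/]+)(?::(\d+))?$/.exec(src);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && ancestor.protocol !== scheme + ':') return false;
  // A source without an explicit port only matches the scheme's default port
  if (port ? ancestor.port !== port : ancestor.port !== '') return false;
  const h = ancestor.hostname;
  return wildcard ? h.endsWith('.' + host) : h === host;
}

// True if a document served with `header` may be framed by a page at
// `ancestorOrigin`. With no frame-ancestors directive CSP imposes no
// restriction (X-Frame-Options may still apply separately).
function mayBeFramed(header, ancestorOrigin, pageOrigin) {
  const sources = parseCsp(header)['frame-ancestors'];
  if (sources === undefined) return true;
  return sources.some(s => sourceMatches(s, ancestorOrigin, pageOrigin));
}
```

With frame-ancestors 'self', only a parent page on exactly the same origin as the framed page passes; a parent on any other host, including another Salesforce domain, is refused, which is the behaviour the question describes.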
