Visualforce page note displaying in iframe: Content Security Policy

[bdbrowder]

When I try to access the softphone in the utility bar, nothing is displayed, and I see the following error in the Chrome console:

Refused to display 'https://<my-domain>--c.visualforce.com/apex/demoAdapterPage?mode=Lightning&ltn_app_id=06m8A0000004TQ1QAM&isdtp=vw&sfdcIframeOrigin=https%3A%2F%2F<my-domain>.lightning.force.com&clc=1&nonce=92329b81206599f990c3f56ada406d7530a9301e26d562e33447f8f08a2a07b9' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://<my-domain>.my.salesforce.com".

[dlouvton]

preview your Vusualforce page (from Setup -> Pages) and paste the full, absolute URL in the Adapter URL in the Call Center Settings, instead of the relative url '/apex/demoAdapterPage'

[bdbrowder]

After making the change I get the same error. Presumably this is because the domain of the Visualforce page that is being displayed in an iframe (https://my-domain--c.visualforce.com/apex/demoAdapterPage) is not the same as that of the requesting page (https://my-domain.my.salesforce.com).

[dlouvton]

can you try the full url with 'my', i.e. https://mydomain.my.salesforce.com/apex/demoAdapterPage ?

[bdbrowder]

I have tried the following URLs in the call center settings:
/apex/demoAdapterPage
https://mydomain--c.visualforce.com/apex/demoAdapterPage
https://mydomain.my.salesforce.com/apex/demoAdapterPage

All result in the same error, because the page being displayed in the iframe is always https://mydomain--c.visualforce.com/apex/demoAdapterPage?... and the requesting page is always https://mydomain.my.salesforce.com

[bdbrowder]

I don't know if it's relevant, but I deployed the demo adapter using sfdx to a Health Cloud org.

[bdbrowder]

Regardless of the URL in the Call Center settings I see 3 requests for demoAdapterPage. The first is for

https://mydomain.lightning.force.com/apex/demoAdapterPage?...

This request returns a 302 that redirects to

https://mydomain.my.salesforce.com/apex/demoAdapterPage?...

This request also returns a 302, this time redirecting to

https://mydomain--c.visualforce.com/apex/demoAdapterPage?

[bdbrowder]

Given that I am also redirected to the visualforce.com domain when I enter https://mydomain.my.salesforce.com/apex/demoAdapterPage into the browser, this seems to be standard behavior. Assuming this is true, is it possible to use a visualforce page to create a custom adapter?

[tjjingshen]

The fix is to turn of click jack protection.
Go to session setting and turn off 2 click jack protection setting

[bdbrowder]

Thank you. The missing step was to go to Setup > Security > Session Settings and add the following as Whitelisted Domains:

• mydomain.my.salesforce.com
• mydomain.lightning.force.com

[Ishitaver]

I am getting same error on one of my visual force page and could not resolve by adding these.

[Tom331]

I was able to fix this by changing the call center setting "CTI Adapter URL2" from https://myinstance.vf.force.com/apex/demoAdapterPage2 to https://myinstance.vf.force.com/apex/demoAdapterPage. Just removing the 2 fixed it, and i also added the above domains to "Trusted Domains" as explained above.