👋 Use this site to provide feedback and ideas for all Nintex Products. See our post on Nintex Community "Welcome to Nintex Ideas" for more details on Nintex Ideas, how an idea is handled by our product teams and more!
I would like to add a embed a Nintex Form in Salesforce Lightning Component in a Salesforce Community. I can currently do this in a standard Salesforce site by following this article - https://community.nintex.com/t5/Blog/How-to-use-the-Salesforce-Lightning-Component-for-NWC-Forms/ba-p/120121 When trying to do this in a SF Community, I get an error in my browser console saying "Refused to frame 'https://inserttenantnamehere.workflowcloud.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://*.lightning.force.com https://*.visual.force.com" Salesforce Communities have different URLs compared to a standard Salesforce sites. This leads me to believe the https://*.force.com domain needs to be allowed/whitelisted on the Nintex side. Thank you!
Sep 7, 2022
From reading the error at the start of this thread, it looks like the issue is Content Security Policies (CSP) https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy ( https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy ) )
CSP’s do as the name says and ensures that only allowed content is loaded onto the website, it is a new web standard that was created to help prevent cross site scripting attacks (XSS), code injection and other client-side attacks, and are not regarded as best practice and also highly recommended by many government sites.
Found this article from Salesforce about CSP’s: https://developer.salesforce.com/docs/atlas.en-us.lightning.meta/lightning/csp_trusted_sites.htm ( https://developer.salesforce.com/docs/atlas.en-us.lightning.meta/lightning/csp_trusted_sites.htm )
From what we understand the entity will need to add ‘ https://sucessteam.workflowcloud.com/ ( https://sucessteam.workflowcloud.com/ ) ’ as a Trusted Site and this should fix the problem as described here: https://developer.salesforce.com/docs/atlas.en-us.lightning.meta/lightning/csp_trusted_sites.htm ( https://developer.salesforce.com/docs/atlas.en-us.lightning.meta/lightning/csp_trusted_sites.htm )