Unable to open Mashup via New Tab from iFrame

ashishtamhane · ‎Oct 18, 2023

I am attempting to display a Mashup in SalesForce through an iFrame and have set the below properties to the iFrame:

referrerpolicy="origin"

sandbox="allow-downloads allow-forms allow-popups allow-same-origin allow-scripts"

ancestors="self"

Along with this we have also whitelisted the SalesForce URL in ThingWorx that is mentioned in this documentation.

After doing the above changes when I am navigating to the iFrame I get the below authentication display which passes successfully and I am able to open the mashup in a new tab.

However on that mashup if I attempt to invoke a Remote Session I get the below error:

Refused to frame ''because it violates the following Content Security Policy directive: "frame-src https://company--test.sandbox.lightning.force.com".

I am a bit confused as to how this issue is coming in the new tab window? Any pointers?

Thanks,

Ashish Tamhane

VladimirN · ‎Oct 19, 2023

Articles:

"Error "'Refused to frame 'https://<URL>' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'" when accessing the ThingWorx Mashup embedded in iFrame": https://www.ptc.com/en/support/article/CS346514
"Unable to edit ThingWorx mashups due to Browser Content Security Policy error": https://www.ptc.com/en/support/article/CS364789

ashishtamhane · ‎Oct 24, 2023

This does not seem to work.

I am getting the below error in Firefox if I try to call the ' LaunchClient' service of the RAClientLinker Widget.

Content-Security-Policy: The page’s settings blocked the loading of a resource at tw-ra-client://N8912b36a-7775-47f8-8ceb-96da1187f626@COMPANYNAME-twx.cloud.thingworx.com:/548d9cba-cf53-4c68-a9a4-c8c1d2852a53?clientId=9e72b50c-65eb-41d7-b27a-5bbe7262dab5&rav=3.1.7&alp=%7B%22AutoLaunch%22%3A%22%3C%24DOWNLOAD_TO%3E%5C%5CAxedaDesktopViewer_v68209.exe%20-normalcursor%20%3C%24HOST%3E%3A%3C%24PORT%3E%22%7D (“frame-src”).