Theme composer is not loading up

Resolved.

Details:

When the theme tries to load, console returns these errors:

Uncaught DOMException: Blocked a frame with origin “https://myserver.visual.force.com” from accessing a cross-origin frame.

… which appears to involve browser same-origin policy settings:

https://stackoverflow.com/questions/25098021/securityerror-blocked-a-frame-with-origin-from-accessin…

Also, a consultant who works on our instance from another location found that he did not get these errors, and was able to load the theme composer.

We ruled out LAN. His browser or OS environment may be different. Which is nice and maybe we hack away at our browser or OS settings to resemble the external consultant’s. Without putting in time to learn more about the same-origin policy, that seems a bit reckless. 

The nature of the errors reminded our sysadmin that we recently enabled two Salesforce Security Session Settings for Clickjack Protection:

  • TRUE Enable clickjack protection for customer Visualforce pages with standard headers
  • TRUE Enable clickjack protection for customer Visualforce pages with headers disabled

After fiddling with these, we found that the following combination resolves the theme composer error:

  • TRUE Enable clickjack protection for customer Visualforce pages with standard headers
  • FALSE Enable clickjack protection for customer Visualforce pages with headers disabled

Now I can modify my theme! Which is great.

If anyone from Skuid can provide info on the following, I’d appreciate the illumination.

  • What is the conflict between theme composer and the Salesforce Session Setting Enable clickjack protection for customer Visualforce pages with headers disabled?
  • Can this conflict be resolved in a Skuid update?
  • Is the browser same-origin policy relevant to this problem?
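
The console message quoted in the post is what the browser reports when script in one frame touches a frame of a different origin. That check is separate from the header-based check (X-Frame-Options, CSP frame-ancestors) that decides whether a page may be framed at all. The sketch below is an added example, not Skuid or Salesforce code, and models both checks for one level of nesting; the second origin, the paths and every header value are constructed assumptions.

```javascript
// Added illustration. Only the visual.force.com origin comes from the post;
// the other origin, the paths and the header values are constructed.
const VF_PAGE = 'https://myserver.visual.force.com/apex/Page';
const OTHER_PAGE = 'https://myserver.example.com/app';

// Same-origin policy: scheme, host and port must all match for script access.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Framing policy: may frameUrl be rendered inside a page at parentUrl?
// CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
// Simplification: only the direct parent is checked, and only exact origins match.
function framingAllowed(headers, parentUrl, frameUrl) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const directive = (h['content-security-policy'] || '')
    .split(';').map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    return directive.slice(1).some(src => {
      if (src === "'none'") return false;
      if (src === "'self'") return sameOrigin(parentUrl, frameUrl);
      if (src === '*') return true;
      try { return sameOrigin(src, parentUrl); } catch { return false; }
    });
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return sameOrigin(parentUrl, frameUrl);
  return true; // no framing restriction was sent
}

// Which of the two checks, if any, stops the parent from working with the frame?
function diagnose(parentUrl, frameUrl, headers) {
  if (!framingAllowed(headers, parentUrl, frameUrl)) return 'frame-refused';
  return sameOrigin(parentUrl, frameUrl)
    ? 'frame-loads-script-access-ok'
    : 'frame-loads-script-access-blocked';
}

console.log(diagnose(OTHER_PAGE, VF_PAGE, {}));
console.log(diagnose(OTHER_PAGE, VF_PAGE, { 'X-Frame-Options': 'SAMEORIGIN' }));
```

Comparing the response headers of the framed page with each setting on and off (browser dev tools, Network tab) shows which of these outcomes applies in a given org.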