Skuid runtime JS fails to load in Salesforce due to XHR problem

Skuid pages are not working properly within our Salesforce application. They work fine in the editor, but when I try to access them through Salesforce, things do not work properly, and some pages fail to load.

The problem seems to be that Skuid is loading in parts of itself via XHR requests to static resources. These requests are to URLs of the form: 

However, accessing these results in an HTTP 302 which points to a resource on a different domain:

Since the browser will not carry out cross-domain XHRs without the proper CORS configuration, these requests fail.

How can I ensure that these resources are served from the same domain as my Salesforce application?

Jon.  A few questions… 

What kind of visualforce redirect method are you using?  If you use the {!redirect} method or the Skuid:page visualforce component?  

Maybe you could post an image of your page where it is not loading (including the URL and the browser console).   If you don’t want to put this on the community let me know and I can reach out via email. 

Another thing:  Can you verify whether the critical update “Serve Static Resources from the Visualforce Domain”  is turned on in your org? 

You can read in great detail about what this update has done in other skuid implementations here:[setting…

Finally - can you let me know what version of Skuid you are running? 


Hi Rob,

I’m not 100% about all of this, as it’s actually our partner who created the Salesforce organisation and set up Skuid. We have just been brought in to integrate our system into a Skuid component, so I am not super familiar with either Skuid or Salesforce.

That said, it appears that we are using the skuid:page component approach.

According to the JS files, the version is Skuid Banzai 7.34.0 20-02-2016

There are only two critical updates listed in setup:

  • PageReference getContent() and getContentAsPDF() Methods Treated as Callouts
  • Require TLS 1.1 or higher for HTTPS connections
I presume the org must be newer than the static resources update, so it has been automatically turned on and cannot be disabled?

I’m happy to supply screenshots and further info via email.

I’m not sure why CORS is even relevant when loading a JS file in a script tag. Can you post the actual error message you’re getting?

Hi Ben,

I have explained the issue in more detail to your colleague via email, but for the purposes of anyone finding this thread in future:

The problem is that we were using the Skuid PageInclude component. This component delegates to jQuery to load, parse and append the included page’s HTML to the master page. However, jQuery.append() does not simply insert script elements into the page, but rather it disables them by fiddling with their type attribute, and loads their src content itself via ajax. This is done to avoid DOM manipulation causing duplicate loading and execution of scripts.

Therefore, when a element is included via a PageInclude, it can trigger an XHR request. And if the src is on a different domain (disguised, in this case, by the fact that Salesforce uses a 302 HTTP response to redirect the initial GET), then it will cause an error.

If the failed script request was for a part of the Skuid runtime that was not already loaded by the master page—in our case it was the REST adapter—then any code which tries to use it will then fail.

Jon, this makes sense now. Yes, the page include gets its dependencies with an XHR instead of a script tag. I can take a deeper look at this later this evening or tomorrow. One quick workaround I can think of (kind of hacky) is to just put a dummy rest model (turn querying off) on your master page, and then it will load in the dependency immediately when the page loads.