Problem

SFDC integration (Enhanced/Legacy) for Virtual Contact Center appears down. Users get a blank screen or (as applicable) no pop-up on login.

Cause

This is due to Salesforce clickjack protection feature being enabled.

This critical update enables clickjack protection for all non-setup Salesforce pages to protect against user interface redress attacks, as framed pages can be used by hackers.

After clickjack protection is enabled, if your organization displays non-setup Salesforce pages within a frame or iframe, it is possible that the pages will either display as a blank page or without the frame. The behavior varies depending on your browser and its version.

Resolution

According to SFDC, there are two ways to handle existing framed pages.

  • Keep clickjack protection enabled, and discontinue displaying these pages within a frame or iframe. (This is the SFDC-recommended solution.)

  • Disable clickjack protection, allowing you to continue framing non-setup Salesforce pages. (Because the pages remain potentially vulnerable to clickjack attacks, SFDC recommends against this option.)

Note: With the Spring 2014 release of SFDC, the ability to disable clickjack protection from the Session Settings page was removed. To disable clickjack, you must contact Salesforce.com Customer Support.

See the Clickjack Protection for Non-Setup Salesforce Pages release notes for more information.