With the Spring ’14 Release of salesforce, ClickJack Protection will be auto enabled for new orgs, and admins are encouraged to enable ClickJack Protection for existing orgs using the associated Critical Updates.
The Summary for the Critical Update is not very informative about the impacts, but leaves the Admin to try and fail, only to realize afterwards that once enabled it is not so easy to go back.
We as a certified ISV provider thrive to make applications which integrate smoothly with salesforce without taking the user to a non-salesforce host, reutilizing the native salesforce functionality. But when you enable the clickjack protection you apply limits as to how and what these Mash-Ups can consist of.
Clickjack protection in salesforce
Salesforce has 3 levels of enablement, of which the following 2 are relevant for this discussion:
Enable clickjack protection for non-setup Salesforce pages
Enable clickjack protection for non-setup customer Visualforce pages
Enable clickjack protection for non-setup Salesforce pages.
If you enable this you will not be able to include salesforce pages in iframes
We are using this functionality in our list based merge wizard to facilitate the use of the standard salesforce merge facility and the Matched Record Detail, in a way to eliminate too many clicks and navigation between different pages when reviewing and merging duplicates.
Enable clickjack protection for non-setup customer Visualforce pages.
If you enable this you will not be able to include visualforce pages in iframes on other visualforce pages, nor will be able to include visualforce pages on standard salesforce page layouts, e.g. to create a mash-up to present information from one application on the Account Page Layout.
We are using this functionality in our list based merge wizard to facilitate the use of the Quick Merge Wizard without the need to navigate from page to page, but simply update a part of the existing page, and the Dupe Status on the Account/Contact/Lead Page Layout is a Visualforce page which presents the Dupe Status of the current records directly on the page layout as a “Mash-up”.
For optimal use of the merge wizard, we recommend you to consider carefully before you apply the Critical Update and enable the clickjack protection (level 2+3).
If you have or is about to enable the clickjack protection this is the impact and the things you need to do in order to keep using the DataTrim features:
1) Install/upgrade to the latest version of DataTrim Dupe Alerts
2) Once installed goto the DataTrim Setup: (/apex/TRIMDA__TRIMDA_DupeAlerts?display=setup), and align the Clickjack enablement to what you have in your Session settings: (/_ui/system/security/SessionSettings)
If you enable: Enable clickjack protection for non-setup Salesforce pages, the Quick Merge will become your default Merge wizard. To use the standard salesforce merge facility click the Open Wizard button and the wizard will open in a new window/tab. Same apply for Details, the Details will display in a new window/tab.
If you also enable: Enable clickjack protection for non-setup customer Visualforce pages, you will also have to click the button in order to open the Quick Merge wizard.
With the 3rd level of clickjack protection enabled, you will unfortunately not be able to use the Dupe Status Visualforce pages on the Pagelayout of the Accounts/Contacts/Leads. You will most likely get an error message: URL No Longer Exists
To get an optimal use of the DataTrim features, reduced number of clicks and page loads, not-enabling or disabling the level 2 and 3 of the clickjack protection is your best option.
To disable the clickjack protection you must create a case with salesforce support. After the Spring 2014 release you cannot disable the level 2 clickjack protection.
If you have enabled clickjack protection you must install version 1.48 or later of DataTrim Dupe Alerts and deploy the new processes.
We released a new version of DataTrim Dupe Alert which supports both the ‘old’ setup where clickjack is disable, but also support organisations where clickjack protection is enabled.
Take the advantage of upgrading your existing version and benefit from the bug fixes in this version.
|DataTrim Dupe Alerts|
|Use this URL to install the package into any organization:
Or get the latest version from our website
Note: If you are installing into a sandbox organization you must replace the initial portion of the URL with http://test.salesforce.com