Lightning Aura Components Developer Guide

Clouds with binary code floating aboveCloud with binary code floating above

No Results

Search Tips:

  • Please consider misspellings
  • Try different search keywords
Introducing Aura Components
Quick Start
Creating Components
Using Components
Aura Component Bundle Design Resources
Use Aura Components in Lightning Experience and the Salesforce Mobile App
Navigate Across Your Apps with Page References
Get Your Aura Components Ready to Use on Lightning Pages
Use Aura Components in Experience Builder
Use Aura Components with Flows
Add Components to Apps
Integrate Your Custom Apps into the Chatter Publisher
Using Background Utility Items
Use Lightning Components in Visualforce Pages
Use Aura and Lightning Web Components Outside of Salesforce with Lightning Out (Beta)
Lightning Container
Using a Third-Party Framework
Lightning Container Component Limits
Lightning Container Component Security Requirements
lightning:container NPM Module Reference
Communicating with Events
Communicating Across the DOM with Lightning Message Service
Creating Apps
Styling Apps
Developing Secure Code
Using JavaScript
Working with Salesforce Data
Testing Components
Debugging
Performance
Reference
PDF

Lightning Container Component Security Requirements

Ensure that your Lightning container components meet security requirements.

Namespace Validity

The Lightning container component’s security measures check the validity of its namespaces. Suppose that you develop a <lightning:container> component with the namespace “vendor1.” The static resource’s namespace must also be “vendor1.” If they don’t match, an error message appears.

<aura:component>
  <lightning:container
    src="{!$Resource.vendor1__resource + '/code_belonging_to_vendor1'}"
    onmessage="{!c.vendor1__handles}"/>
<aura:component>

Static Resource Content Access

You can’t use raw <iframe> elements to access a Lightning container component. The <lightning:container> component enforces this requirement with the query parameter _CONFIRMATIONTOKEN, which generates a unique ID for each user session. The following code isn’t permitted, because the <iframe> src attribute doesn’t contain a _CONFIRMATIONTOKEN query parameter.

<aura:component>
  <iframe src="https://domain--vendor2.container.lightning.com/lcc/123456/vendor2__resource/index.html"/>
</aura:component>

Instead, use the $Resource global value provider to build the resource URL for the <lightning:container> component.

<aura:component>
  <lightning:container
    src="{!$Resource.vendor2__resource + '/index.html' }"/>
</aura:component>

Distribution Requirements

To upload a package to AppExchange, you must supply all the Lightning container component’s original sources and dependencies. When you provide minified or transpiled code, you must also include the source files for that code and the source map (.js.map) files for the minified code.