Cross-Domain XHR

Canvas apps are loaded on a Salesforce page in an iFrame. The Canvas app has its own domain and can't make XML HTTP request (XHR) calls back to the *.salesforce.com domain. You can develop and deploy your own proxies as part of the SDK, however, Canvas provides a client-side proxy written in JavaScript. This proxy enables client-side XHR calls back to Salesforce.

To prepare your Canvas apps for the new web browser restrictions on third-party cookies, see How Third-Party Cookie Restrictions Impact Salesforce Canvas Apps in Salesforce Help.

Important

If you use this proxy from the client to make an XHR request, the API forwards the request to the outer iFrame and the request is submitted on your behalf. When the request is complete, the SDK calls the client’s callback function with the results. Here are some examples of how you can make XHR calls:

The SDK supports cross-domain XHR calls, however, it shouldn’t be used to make same-domain calls.

Note