We're attempting to use a custom domain (ex. https://lightningout.example.com) to as the domain for lightning out components, see example below. We've configured a subdomain on our website and issues a specific CA-cert for that subdomain, the HTTPS site is loading with no issues and we've linked the subdomain to an experience site that loads with no issue.
The problem arises when we are attempting to use that subdomain within $lightning.use()
<!-- Lightning Out --> <script src="https://lightningout.example.com/lightning/lightning.out.js"></script> <div id="lightningoutwidget" style="z-index: 999;position: absolute;"></div> <script> $Lightning.use( 'namespace:lightningApp', // name of the Lightning app function () { // Callback once framework and app loaded $Lightning.createComponent( 'namespace:lightningComponent', // Component { view: 'button', showFilters: true, notificationsEnabled: true, notificationMessage: '', }, // attributes to set on the component when created 'lightningoutwidget', // the DOM location to insert the component function (cmp) { console.log('component created'); // callback when component is created and active on the page } ); }, 'https://lightningout.example.com', // Site endpoint {{{access_token}}} ); </script> Our lightning app and lighting component are configured to not allow guest user access and we do not want to give guest user access. Additionally that {{{access_token}}} variable is from a system admin.
We're follow step #4 on this link :
https://developer.salesforce.com/docs/platform/lwc/guide/lightning-out-third-party-cookies.html
