This critical update removes access to Salesforce APIs from inside the <lightning:container> iframe because this access is a security risk. Managed applications have full API access and can modify records not intended to be used by those applications. For example, a to-do list application could view and modify data in unrelated objects, such as Opportunities.
Activate and Test This Critical Update
We recommend testing this critical update and activating it now. This update is automatically enforced in your org on the auto-activation date. Test your <lightning:container> components in a Developer Edition org to verify that your <lightning:container> components still work without API access. If you must work in your production org, do so during off-peak hours.
- From Setup, enter Critical Updates in the Quick Find box, and then select Critical Updates.
- For API Access for <lightning:container> Apps Is Revoked, click Activate.
- Test the <lightning:container> components that previously used API access.