Sunday, September 22, 2019

Content Security Policy (CSP) in Salesforce

Content Security Policy (CSP)
  • The Lightning Component framework uses the Content Security Policy (CSP) to restrict which content a page may load.
  • The main objective is to help prevent cross-site scripting (XSS) and other code injection attacks.
  • To use third-party APIs that make requests to an external (non-Salesforce) server, or to open a WebSocket connection, add a CSP Trusted Site.

CSP is a W3C standard that defines rules to control the source of content that can be loaded on a page. All CSP rules work at the page level and apply to all components and libraries.

When you define a CSP Trusted Site, the site’s URL is added to the list of allowed sites for the following directives in the CSP header:
  • connect-src
  • frame-src
  • img-src
  • style-src
  • font-src
  • media-src

This change to the CSP header directives allows Lightning components to load resources, such as images, styles, and fonts, from the site. It also allows client-side code to make requests to the site.
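To make the effect on the header concrete, here is an added example (not Salesforce's code) that models a CSP header as a dictionary of directives, adds a trusted site's origin to exactly the six directives listed above, and then checks whether a given resource load or request would be permitted before and after the change. The starting header, the page origin `https://my-org.example` and the trusted site `https://api.example.net` are constructed values, and the source matcher is a simplified version of browser CSP matching (exact scheme, host and port; `*.` host wildcard), not a full implementation.

```python
from urllib.parse import urlsplit

# The six directives a CSP Trusted Site entry widens, as listed on the page.
TRUSTED_SITE_DIRECTIVES = (
    "connect-src", "frame-src", "img-src", "style-src", "font-src", "media-src",
)


def parse_csp(header: str) -> dict:
    """Parse 'dir src src; dir src' into an ordered {directive: [sources]} dict."""
    policy = {}
    for chunk in header.split(";"):
        parts = chunk.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def serialize_csp(policy: dict) -> str:
    """Render the policy back into header form."""
    return "; ".join(" ".join([name, *sources]) for name, sources in policy.items())


def origin_of(site_url: str) -> str:
    """Reduce a trusted-site URL to scheme://host[:port]; path and query are ignored."""
    parts = urlsplit(site_url)
    if parts.scheme.lower() not in ("https", "http", "wss", "ws") or not parts.netloc:
        raise ValueError(f"not an http(s)/ws(s) origin: {site_url!r}")
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}"


def add_trusted_site(policy: dict, site_url: str) -> dict:
    """Return a copy of the policy with the site's origin added to each widened directive."""
    origin = origin_of(site_url)
    widened = {name: list(sources) for name, sources in policy.items()}
    for name in TRUSTED_SITE_DIRECTIVES:
        # A directive absent from the header falls back to default-src, so a newly
        # created directive is seeded from default-src to keep that existing allowance.
        sources = widened.setdefault(name, list(widened.get("default-src", [])))
        if origin not in sources:
            sources.append(origin)
    return widened


def source_matches(source: str, url: str, page_origin: str) -> bool:
    """Simplified CSP source-expression match: 'self', '*', scheme-source, host-source."""
    if source == "*":
        return True
    if source == "'self'":
        parsed = urlsplit(url)
        return f"{parsed.scheme}://{parsed.netloc}".lower() == page_origin.lower()
    if source.startswith("'"):
        return False  # 'none', 'unsafe-inline', nonces, hashes: not host sources
    if source.endswith(":") and "/" not in source:
        return url.lower().startswith(source.lower())  # scheme-source such as data:
    parsed = urlsplit(url)
    if "://" in source:
        scheme, hostport = source.split("://", 1)
        if scheme.lower() != parsed.scheme.lower():  # simplification: exact scheme only
            return False
    else:
        hostport = source
    hostport = hostport.split("/", 1)[0].lower()  # drop any path part of the source
    if hostport.startswith("*."):
        return parsed.netloc.lower().endswith(hostport[1:])
    return parsed.netloc.lower() == hostport


def is_allowed(policy: dict, directive: str, url: str, page_origin: str) -> bool:
    """Would a load governed by `directive` be permitted? A missing directive uses default-src."""
    sources = policy.get(directive, policy.get("default-src", []))
    return any(source_matches(s, url, page_origin) for s in sources)


if __name__ == "__main__":
    page_origin = "https://my-org.example"  # constructed page origin
    # Constructed, simplified starting header; not a real Lightning CSP header.
    header = "default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:"
    before = parse_csp(header)
    after = add_trusted_site(before, "https://api.example.net/v1/")
    print("before:", serialize_csp(before))
    print("after: ", serialize_csp(after))
    for directive, url in (("connect-src", "https://api.example.net/v1/data"),
                           ("script-src", "https://api.example.net/app.js")):
        print(directive, url, is_allowed(before, directive, url, page_origin),
              "->", is_allowed(after, directive, url, page_origin))
```

Running the script shows the six directives gaining `https://api.example.net` while `script-src` is untouched: a trusted site lets client-side code fetch from the site and lets images, styles, fonts, frames and media load from it, but does not let the site serve executable script to the page.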

Path
From Setup, enter CSP Trusted Sites in the Quick Find box, and then select CSP Trusted Sites.

1. Enter the site URL.
2. Select the Context for this trusted site to control the scope of the approval.
  • All (default): the CSP header is approved for both your organization’s Lightning Experience and Lightning Communities.
  • LEX: the CSP header is approved only for your organization’s Lightning Experience.
  • Communities: the CSP header is approved only for your organization’s Lightning Communities.


Reference
Content Security Policy
