Salesforce | What is CSP Trusted site in sfdc? - Forcetalks

Tagged: Content Security Policy, Cross Site Scripting, CSP, Lightning Component Framework, SFDC, Third Party API

Salesforce® Discussions

What is CSP Trusted site in sfdc?

Posted by Saddam on September 13, 2019 at 11:05 AM

What is CSP Trusted site in sfdc?

Piyush replied 6 years, 9 months ago 3 Members · 2 Replies
2 Replies

Laveena

Member
September 13, 2019 at 11:37 AM

Hi Saddam,

The Lightning Component framework uses Content Security Policy (CSP) to impose restrictions on content. The main objective is to help prevent cross-site scripting (XSS) and other code injection attacks. To use third-party APIs that make requests to an external (non-Salesforce) server or to use a WebSocket connection, add a CSP Trusted Site.

Thanks
[adinserter block='9']
Piyush

Member
September 16, 2019 at 5:16 AM

Hi,

Content Security Policy is enforced by adding an HTTP header with name “Content-Security-Policy” and defining a rule pattern. Based on the ruleset defined, the browser restricts the web page from downloading malicious content from unknown sources.

Log In to reply.