Status – Tested
Salesforce Update Description
The existing LockerService critical update tightens Content Security Policy (CSP) to eliminate the possibility of cross-site scripting attacks. These CSP changes are enforced only in sandboxes and Developer Edition orgs. The CSP changes have no effect in production orgs, even when LockerService is activated. The Lightning Component framework uses Content Security Policy (CSP) to control the source of content that can be loaded on a page.