Enable Stricter Content Security Policy for Lightning Components

Status – Awaiting Test

Salesforce Update Description

The Lightning Component framework already uses CSP, which is a W3C standard, to control the source of content that can be loaded on a page. This critical update enables stricter Content Security Policy (CSP) to mitigate the risk of cross-site scripting attacks. Stricter CSP is enforced only in sandboxes and Developer Edition orgs.