Enable Stricter Content Security Policy for Lightning Components in Communities

Status – Awaiting Test

Salesforce Update Description

This critical update enables stricter Content Security Policy (CSP) in sandboxes and Developer Edition orgs for Lightning communities only. The Lightning Component framework already uses CSP, which is a W3C standard, to control the source of content that can be loaded on a page. This update enables stricter CSP to mitigate the risk of cross-site scripting attacks.