Create CSP Trusted Sites

The Lightning Component framework uses Content Security Policy (CSP) to impose restrictions on content. The main objective is to help prevent cross-site scripting (XSS) and other code injection attacks.

To use third-party APIs that make requests to an external (non-Salesforce) server or to use a WebSocket connection, add a CSP Trusted Site.

Process to add CSP Trusted Sites

  • Go to Setup
  • Go to my Domain

  • Copy Url from “Current My Domain URL” as marked in the screenshot.
  • Search for “CSP Trusted Sites” in setup
  • Add new
  • Provide “Trusted Site Name”
  • Provide “https://” in Trusted site URL

  • Append “Trusted Site URL” with link from 3rd point.

Note* - This URL is custom to every org (User need to pick the URL part from the org URL)

  • Active
  • Select all the Directives under CSP Directives