Loading

Salesforce Platform: Content Security Policy (CSP) Violations - Release Update Canceled

Fecha de publicación: Mar 7, 2025
Descripción

The Adopt Updated Content Security Policy (CSP) Directives release update is canceled. Salesforce isn’t enforcing the Adopt updated CSP directives setting at this time.

However, to help protect your org from cross-site scripting and other code-injection attacks, we continue to encourage you to enable that setting now. To help you adopt this change, Salesforce plans to improve the reporting on restricted frames, images, and fonts in a future release. When that reporting is available, Salesforce plans to introduce a new release update to enforce the setting.

Key Definition: 

  • CSP (Content Security Policy) :  browser security standard preventing XSS attacks
Solución

Viewing CSP Violations: 

For instructions on how to filter the Trusted URL and Browser Policy Violations list in Setup to view only content security policy (CSP) violations, see Manage Trusted URL and Browser Policy Violations in Salesforce Help. That list view includes a sample of the resources that are blocked with the updated CSP directives, even if the Adopt Updated Content Security Policy (CSP) Directives release update isn’t enabled in your org. 

 

Recommended Actions:

For instructions on how to enable the recommended setting, see Protect Your Org with Updated CSP Directives in Salesforce Help. Because the Trusted URL and Browser Policy Violations list in Setup includes a sample of the blocked resources, we recommend that you test this change in a sandbox before you enable that setting in production.

Número del artículo de conocimiento

002416582

 
Cargando
Salesforce Help | Article