Assign a Content Security Policy Level to Your Community

The default script security level is now strict, which provides optimum security. A strict Content Security Policy (CSP) blocks inline scripts from running in your site. It allows non-script resources, such as images from approved, third-party hosts to display. We recommend using the strict level.

Where: This change applies to Lightning communities accessed through Lightning Experience and Salesforce Classic in Essentials, Enterprise, Performance, Unlimited, and Developer editions.

When: This change takes effect in February 2019.

How: You can change the security levels in Settings > Security in Community Builder.



We removed the Allow Inline Scripts and Script Access to Any Third-party Host option for new communities. This option was the default option, and is still an option for existing communities.