Enhance Security with LockerService for Communities (Critical Update)

This critical update enables LockerService security for Lightning components in Communities only. It’s separate from the general LockerService critical update, which activates the LockerService security enforcements throughout your Salesforce org, but not in Communities.

LockerService for Communities will be activated everywhere in the Spring ’17 release (scheduled for February 2017). Use this critical update to test LockerService in Communities independently from the rest of your Salesforce org prior to the auto-activation date.

LockerService enforces a number of security features in your code, which are detailed in the general Lightning LockerService Security critical update. In addition, LockerService for Communities affects the markup used in the <head> of your community’s pages.

Restrictions to page <head> markup in Community Builder

Inline scripts are not permitted. For example:
<script>
function doSomething() { }
</script>
Tip

To access the page <head> in Community Builder, click Settings | Advanced | Edit Head Markup.
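
An added example (not from the Salesforce documentation): a Python check that scans head markup copied out of Edit Head Markup and reports inline script bodies, the pattern the restriction above rejects, so they can be found before the update is activated. The sample markup and the cdn.example.com URL are constructed, and treating any <script> that has a body and no src attribute as inline is an assumption of this example.

```python
from html.parser import HTMLParser

# Constructed sample of community <head> markup (not from a real org).
SAMPLE_HEAD = """<meta name="viewport" content="width=device-width">
<script src="https://cdn.example.com/analytics.js"></script>
<script>
function doSomething() { }
</script>
<SCRIPT type="text/javascript">window.flag = true;</SCRIPT>
"""


class InlineScriptFinder(HTMLParser):
    """Collects <script> elements that carry code in their body and have no src."""

    def __init__(self):
        super().__init__()
        self.findings = []   # (line number, first line of the script body)
        self._open = None    # (line, has_src, body parts) while inside <script>

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # the parser lowercases tag and attribute names
            has_src = any(name == "src" and value for name, value in attrs)
            self._open = (self.getpos()[0], has_src, [])

    def handle_data(self, data):
        if self._open is not None:
            self._open[2].append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._open is not None:
            line, has_src, parts = self._open
            body = "".join(parts).strip()
            if body and not has_src:
                self.findings.append((line, body.splitlines()[0][:60]))
            self._open = None


def find_inline_scripts(head_markup):
    """Return (line, snippet) for every inline script in the markup."""
    finder = InlineScriptFinder()
    finder.feed(head_markup)
    finder.close()
    finder.handle_endtag("script")  # flush a <script> left unclosed at end of input
    return finder.findings


if __name__ == "__main__":
    for line, snippet in find_inline_scripts(SAMPLE_HEAD):
        print(f"line {line}: inline <script> body: {snippet}")
```
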

Activate the Critical Update

We recommend that you test this update in a Developer Edition org to verify correct behavior of your custom Lightning components before enabling it in your production org.

To activate this critical update:

  1. From Setup, enter Critical Updates in the Quick Find box, and then select Critical Updates.
  2. For “Enable Lightning LockerService Security for Communities”, click Activate.
  3. Refresh your browser page to proceed with LockerService enabled for Communities.
Note

  • This critical update doesn’t affect communities using the Salesforce Tabs + Visualforce template.
  • IE11 is supported for Communities. However, because IE11 doesn't support CSP, we recommend using other supported browsers instead for enhanced security.
  • Unlike the general LockerService critical update, prior to the auto-activation date, LockerService for Communities is not automatically enabled for:
    • New orgs created after the Summer ’16 release
    • Developer Edition orgs
    • Existing orgs without custom Lightning components