Enable Secure Static Resources for Lightning Components (Update, Postponed)

This update is postponed to Summer ’21. It was scheduled for auto-activation (enforcement) in Spring ’21. To improve security, this update serves all static resources from the visualforce domain instead of the lightning domain. This change prevents a script included in a static resource from accessing the document in the lightning domain due to the same-origin security policy.

Where: This change applies to Aura and Lightning web components in Lightning Experience, Salesforce Classic, Lightning communities, and all versions of the Salesforce app.

When: This update is enforced when a sandbox or production org is upgraded to Summer ’21. To get the major release upgrade date for your instance, go to Trust Status, search for your instance, and click the maintenance tab.

How: To test this update, we recommend working in a sandbox.

To enable this update, from Setup, in the Quick Find box, enter Release Updates, then select Release Updates. For Enable Secure Static Resources for Lightning Components, follow the testing and activation steps.