This content describes an older version of this product.

Develop Secure Code: Locker Service and Stricter CSP

When you develop custom Lightning components or add head markup to your community, you need to be aware of Locker Service and the stricter Content Security Policy (CSP) critical update. The Locker Service architectural layer enhances security by isolating individual Lightning components in their own containers and enforcing coding best practices. The framework uses CSP to control the source of content that can be loaded on a page.

Locker Service and CSP are documented in “Developing Secure Code” in the Lightning Component Developer Guide. Use that guide as your main point of reference for developing secure code.

Locker Service is enforced the same way across all orgs. However, stricter CSP uses a separate critical update for Communities, which is documented more thoroughly here.