Newer Version Available
CspTrustedSite
Represents a CSP Trusted
Site. The Lightning Component framework uses Content Security Policy
(CSP) to impose restrictions on content. The
main objective of
CSP is to help prevent cross-site scripting (XSS) and other code injection attacks. To use
third-party APIs that make requests to an external (non-Salesforce) server or to use a
WebSocket connection, add the server as a CSP Trusted
Site.
Available in API version 39.0 and later.
Supported SOAP Calls
create(), delete(), describeSObjects(), query(), retrieve(), update(), upsert()
Supported REST HTTP Methods
GET
Fields
| Field | Field Type | Description |
|---|---|---|
| context | CspTrustedSiteContext (enumeration of type string) | Declares the scope of trust for the listed third-party host.
For custom Visualforce pages, content is restricted to CSP Trusted Sites only if the page’s cspHeader attribute is set to true. This field is available in API version 44.0 and later. |
| description | string | The description explaining what this trusted site is used for. |
| endpointUrl | string | Required. The URL for the trusted site. |
| isActive | boolean | Required. Indicates if the trusted site is active (true) or not (false). |
| isApplicableToConnectSrc | boolean | Required. Indicates if Lightning components can load URLs using script interfaces from this site (true) or not (false). This field is available in API version 48.0 and later. |
| isApplicableToFontSrc | boolean | Required. Indicates if Lightning components can load fonts from this site (true) or not (false). This field is available in API version 48.0 and later. |
| isApplicableToFrameSrc | boolean | Required. Indicates if Lightning components can load resources contained in <iframe> elements from this site (true) or not (false). This field is available in API version 48.0 and later. |
| isApplicableToImgSrc | boolean | Required. Indicates if Lightning components can load images from this site (true) or not (false). This field is available in API version 48.0 and later. |
| isApplicableToMediaSrc | boolean | Required. Indicates if Lightning components can load audio and video from this site (true) or not (false). This field is available in API version 48.0 and later. |
| isApplicableToStyleSrc | boolean | Required. Indicates if Lightning components can load style sheets from this site (true) or not (false). This field is available in API version 48.0 and later. |
| mobileExtension | string | Reserved for future use. |