Newer Version Available

This content describes an older version of this product. View Latest

Enable Third-Party Components to Run When Lightning Locker Is Off

If you turn off Lightning Locker in your Experience Builder site, any third-party components installed from a managed package must be configured to be available at design time and render at runtime.

You can turn off Lightning Locker from the Relaxed CSP security level.

If LWS is enabled in the org, when you disable Lightning Locker in an Aura site, you actually disable LWS in the site. If you disable Lightning Locker in the LWR site, the site’s instance of LWS is disabled, even if LWS is enabled in the org. LWR sites can include third party libraries without disabling Lightning Locker or LWS. For more information see Integrate Third-Party Libraries Using the Privileged Script Tag in LWR Sites for Experience Cloud.

Turning off Lightning Locker can introduce security flaws to your site. Disable Lightning Locker only as a last resort.

Warning

Configure Third-Party Aura Components to Run Without Lightning Locker

For third-party Aura components, managed package developers must configure the lightningcommunity:allowInRelaxedCSP interface for the component.

Configure Third-Party Lightning Web Components to Run Without Locker

For third-party Lightning web components, managed package developers must configure the lightningCommunity__RelaxedCSP value in the capability tag of the component’s configuration file.