Experience Cloud Developer Guide

Get Up to Speed with Experience Builder Sites
Develop Experience Builder Sites: The Basics
Customize the Look and Feel of an Experience Builder Template
Develop Secure Sites: Authenticated and Guest Users
Develop Secure Sites: CSP, LWS, and Lightning Locker
Resolve Lightning Locker Conflicts in Aura Sites
Enable Third-Party Components to Run When Lightning Locker Is Off
Example: Adobe Analytics and Lightning Locker in Aura Sites
Analyze and Improve Experience Builder Site Performance
Add Pardot Tracking to Your Experience Builder Site
Use a CMS with Your Experience Builder Site
Report on Deflections: The Deflection Signals Framework
Deploy an Experience Cloud Site from Sandbox to Production
PDF

Newer Version Available

This content describes an older version of this product. View Latest

Enable Third-Party Components to Run When Lightning Locker Is Off

If you turn off Lightning Locker in your Experience Builder site, any third-party components installed from a managed package must be configured to be available at design time and render at runtime.

You can turn off Lightning Locker from the Relaxed CSP security level.

If LWS is enabled in the org, when you disable Lightning Locker in an Aura site, you actually disable LWS in the site. If you disable Lightning Locker in the LWR site, the site’s instance of LWS is disabled, even if LWS is enabled in the org. LWR sites can include third party libraries without disabling Lightning Locker or LWS. For more information see Integrate Third-Party Libraries Using the Privileged Script Tag in LWR Sites for Experience Cloud.

Turning off Lightning Locker can introduce security flaws to your site. Disable Lightning Locker only as a last resort.

Warning

Configure Third-Party Aura Components to Run Without Lightning Locker

For third-party Aura components, managed package developers must configure the lightningcommunity:allowInRelaxedCSP interface for the component.

Configure Third-Party Lightning Web Components to Run Without Locker

For third-party Lightning web components, managed package developers must configure the lightningCommunity__RelaxedCSP value in the capability tag of the component’s configuration file.