Newer Version Available

This content describes an older version of this product. View Latest

Lightning Web Security in LWR Sites

Instead of Lightning Locker, LWR sites in Experience Cloud use Lightning Web Security (LWS), the new security architecture for Lightning web components. LWS supports cross-namespace communication for Lightning web components, in addition to the usual security features that Lightning Locker provides. Cross-namespace communication lets you import components from other namespaces and use them via composition or extension.

Lightning Web Security makes it easier to take advantage of third-party libraries, such as analytics and charting that work within your Lightning web components.

Also, interactions with global objects are no longer restricted. Because each namespace is given its own sandbox, we can expose document, window, and element globals directly without secure object wrappers. In turn, more standard DOM APIs can work successfully, and exposed APIs within your namespace behave the same as any web context without secure wrappers.

See Lightning Web Security in the Lightning Web Components Developer Guide.

LWR sites use their own instance of LWS. The Use Lightning Web Security for Lightning web components (GA) and Aura components (Beta) setting in Session Settings in Setup, described in Enable Lightning Web Security in an Org, has no effect on LWR sites. Instead, the site-level setting in Experience Builder controls whether the site uses LWS, regardless of the org-level setting.

Note