Lightning Out Requirements

Deploying a Lightning web component using Lightning Out has a few requirements to ensure connectivity and security.

Verify that the remote web container, or origin server, supports these requirements.

• Ability to modify the markup served to the client browser, including both HTML and JavaScript. You must be able to add the Lightning Out markup.
• Ability to acquire a valid Salesforce session ID.
• Ability to access your Salesforce instance. For example, if the origin server is behind a firewall, it needs permission to access the Internet, at least to reach Salesforce.

Use Lightning Locker, which is a security architecture for Lightning components. Lightning Out isn’t supported when Lightning Web Security is enabled. We recommend Lightning Web Security as the preferred security architecture for most orgs, but you must use Lightning Locker instead if you use Lightning Out.

Configure your Salesforce org.

• Create a Connected App so that the origin server can authenticate and connect.
• Add the origin server to the Cross-Origin Resource Sharing (CORS) allowlist.

Create a special Lightning Out app that contains dependency information for all Lightning web components hosted on the origin server.

To work with Lightning Out, you must either set up a custom domain or your Safari users must change their cross-site tracking browser setting. This requirement applies to Safari users on desktop and mobile devices. For more details, see Enable Browser Third-Party Cookies for Lightning Out.

See Also

• Security with Lightning Locker