BLOCKED_URI |
- Type
- String
- Description
- The full string of the blocked resource. If the call to the blocked resource used a URL, BLOCKED_URI is the full URL.
- Examples
-
- https://www.example.com/images/picture.png
- file://host1:0002/media/video.mp4
|
BLOCKED_URI_DOMAIN |
- Type
- String
- Description
- If BLOCKED_URI is a URL, the domain for that URL. To allow resources to be loaded from the BLOCKED_URI, BLOCKED_URI_DOMAIN is the endpointUrl value to add or update in the CspTrustedSite Metadata API.
- Example
- www.example.com
|
COLUMN_NUMBER |
- Type
- Number
- Description
- The column number in the document or worker script at which the violation occurred. This value is relevant only when DIRECTIVE is unsafe-eval or unsafe-inline.
- For those violations, use this value with LINE_NUMBER to identify the location of the violation.
- Example
- 27
|
CONTEXT |
- Type
- String
- Description
- The content security policy (CSP) context for the request. The CSP context controls which pages can load content from a CspTrustedSite.
- Because CSP violation events capture details about blocked resource requests from only Lightning Experience pages, this value is always Lightning.
|
DIRECTIVE |
- Type
- String
- Description
- The CSP directive that blocked the resource request.
- Possible Values
-
- font-src
- frame-src
- img-src
- media-src
- style-src
- unsafe-eval
- unsafe-inline
For information on these directives and a full list of all CSP directives, see MDN Web Docs: Content-Security-Policy.
|
DISPOSITION |
- Type
- String
- Description
- The CSP violation handling instruction for the user agent at the time of the violation.
- Possible Values
-
- enforce: Enforce the policy violation. For violations with this DISPOSITION, the resource request was blocked.
- report: Report the policy violation. For violations with this DISPOSITION, the resource request wasn’t blocked, but the violation was reported.
- If the Update Your Trusted URLs for the Latest CSP Directives release update isn’t enabled in your org, violations that occur when that release update is enforced have a DISPOSITION of report.
|
EVENT_TYPE |
- Type
- String
- Description
- The type of event. The value is always CspViolation.
|
LINE_NUMBER |
- Type
- Number
- Description
- The line number in the document or worker script at which the violation occurred. This value is relevant only when DIRECTIVE is unsafe-eval or unsafe-inline. For those violations, use this value with COLUMN_NUMBER to identify the location of the violation.
- Example
- 12
|
REQUEST_ID |
- Type
- String
- Description
- The unique ID of a single transaction. A transaction can contain one or more events. Each event in a given transaction has the same REQUEST_ID.
- Example
- 0000000062_0000x8Lz-
|
RESOURCE_SAMPLE |
- Type
- String
- Description
- A sample of the resource that caused the violation, usually the first 40 characters, or the empty string.
- Example
-
- var lastRow = 4;greyLink('fRemoveRowLink
- var SFDCSessionVars={\"server\":\"https:\\/\\
- LoginHint.getSavedIdentities(false);
- LoginHint.saveHintEdit();
- function handleLogin(){document.login.un…
|
SOURCE |
- Type
- String
- Description
- The page where this CSP violation originated. For example, if your CSP policy prevented an image from loading on a Visualforce page, SOURCE contains the URL of that page.
- Example
- https://MyDomainName.my.salesforce.com/apex/HelloWorld
|
SOURCE_FILE |
- Type
- String
- Description
- The URL of the script in which the violation occurred. If the violation didn’t occur in a script, SOURCE_FILE is null.
- Example
- https://www.example.com/script_xyz.js
|
TIMESTAMP |
- Type
- DateTime
- Description
- The access time of Salesforce services in GMT.
- Example
- 20220715233322.670
|
TIMESTAMP_DERIVED |
- Type
- DateTime
- Description
- The access time of Salesforce services in ISO8601-compatible format (YYYY-MM-DDTHH:MM:SS.sssZ). The time zone is always GMT.
- Example
- 2022-07-27T11:32:59.555Z
|
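A triage pass over these fields, as an added example that is not Salesforce code: it counts violations per (BLOCKED_URI_DOMAIN, DIRECTIVE, DISPOSITION) so blocked domains can be reviewed before any CspTrustedSite change, and it pins unsafe-eval and unsafe-inline violations to a script location. Assumptions: the log is CSV with a header row of the field names above, empty cells stand for null, and the sample rows (including the `req-000N` IDs) are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample rows (not real log data). The CSV layout with a header
# row of field names is an assumption about how the log file is exported.
SAMPLE_CSV = '''EVENT_TYPE,TIMESTAMP_DERIVED,REQUEST_ID,DIRECTIVE,DISPOSITION,BLOCKED_URI,BLOCKED_URI_DOMAIN,SOURCE,SOURCE_FILE,LINE_NUMBER,COLUMN_NUMBER,RESOURCE_SAMPLE
CspViolation,2022-07-27T11:32:59.555Z,req-0001,img-src,enforce,https://www.example.com/images/picture.png,www.example.com,https://MyDomainName.my.salesforce.com/apex/HelloWorld,,,,
CspViolation,2022-07-27T11:33:01.120Z,req-0002,img-src,report,https://www.example.com/images/logo.png,www.example.com,https://MyDomainName.my.salesforce.com/apex/HelloWorld,,,,
CspViolation,2022-07-27T11:33:05.004Z,req-0003,unsafe-inline,enforce,,,https://MyDomainName.my.salesforce.com/apex/HelloWorld,https://www.example.com/script_xyz.js,12,27,LoginHint.saveHintEdit();
'''

# Directives for which LINE_NUMBER and COLUMN_NUMBER are relevant.
INLINE_DIRECTIVES = {"unsafe-eval", "unsafe-inline"}


def triage(csv_text):
    """Split CspViolation rows into per-domain counts and script locations."""
    domains = Counter()  # (BLOCKED_URI_DOMAIN, DIRECTIVE, DISPOSITION) -> count
    locations = []       # (script or page URL, line, column, RESOURCE_SAMPLE)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EVENT_TYPE"] != "CspViolation":
            continue
        if row["DIRECTIVE"] in INLINE_DIRECTIVES:
            line = int(row["LINE_NUMBER"]) if row["LINE_NUMBER"] else None
            col = int(row["COLUMN_NUMBER"]) if row["COLUMN_NUMBER"] else None
            # Fall back to the page URL when the violation was not in a script.
            where = row["SOURCE_FILE"] or row["SOURCE"]
            locations.append((where, line, col, row["RESOURCE_SAMPLE"]))
        elif row["BLOCKED_URI_DOMAIN"]:
            key = (row["BLOCKED_URI_DOMAIN"], row["DIRECTIVE"], row["DISPOSITION"])
            domains[key] += 1
    return domains, locations


def blocked_domains(domains):
    """Domains with at least one enforced (actually blocked) request."""
    return sorted({d for (d, _, disp) in domains if disp == "enforce"})


if __name__ == "__main__":
    doms, locs = triage(SAMPLE_CSV)
    for key, count in sorted(doms.items()):
        print(count, *key)
    for loc in locs:
        print("inline/eval:", *loc)
```

Rows with a DISPOSITION of report were not blocked, so they are counted separately from enforce rows rather than treated as outages.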