Newer Version Available

This content describes an older version of this product. View Latest

Develop Secure Code: LockerService and Stricter CSP

When you develop custom Lightning components or add head markup to your community, you need to be aware of LockerService and the stricter Content Security Policy (CSP) critical update. The LockerService architectural layer enhances security by isolating individual Lightning components in their own containers and enforcing coding best practices. The framework uses CSP to control the source of content that can be loaded on a page.

LockerService and CSP are documented in “Developing Secure Code” in the Lightning Component Developer Guide. Use that guide as your main point of reference for developing secure code.

LockerService is enforced the same way across all orgs. However, stricter CSP uses a separate critical update for Communities, which is documented more thoroughly here.