Newer Version Available
Develop Secure Code: Lightning Locker and Stricter CSP
When you develop custom Lightning components or add head markup to your community, you
need to be aware of Lightning Locker and the stricter Content Security Policy (CSP) critical
update. The Lightning Locker architectural layer enhances security by isolating individual
Lightning components in their own containers and enforcing coding best practices. The framework
uses CSP to control the source of content that can be loaded on a page.
Lightning Locker and CSP are documented in “Developing Secure Code” in the Lightning Component Developer Guide. Use that guide as your main point of reference for developing secure code.
Lightning Locker is enforced the same way across all orgs. However, stricter CSP uses a separate critical update for Communities, which is documented more thoroughly here.