Skip to main content

Registering CSP Trusted Sites


Registration of a CSP Trusted Site is required when you localize and distribute sensitive data in China.

The Lightning Component framework uses Content Security Policy (CSP), which is a W3C standard, to control the source of content that can be loaded on a page. If the endpoint is not ended with to use third-party APIs that make requests to an external (non-Salesforce) server, add the server as a CSP Trusted Site.

  1. From Setup, enter CSP in the Quick Find box, then select CSP Trusted Sites.

    CSP Trusted Sites

  2. Click New Trusted Site.

    New Trusted Site

  3. On the CSP Trusted Site Definition page, specify the following information:

    • Trusted Site Name - enter a meaningful name of the trusted site. So, you can understand what country it relates to.

    • Trusted Site URL - enter the URL address of InCountry REST API. Besides REST API you may also enter the address of InCountry Border. The URL must begin with https://. It must include a domain name.

  4. Select the context for this trusted site to control the scope of the approval.

  5. In the CSP Directives section, select all the checkboxes.

  6. When complete, click Save.

Repeat the same procedure for other InCountry endpoints if you manage protected data for multiple countries.