Registering CSP Trusted Sites
Registration of a CSP Trusted Site is required when you localize and distribute sensitive data in China.
The Lightning Component framework uses Content Security Policy (CSP), which is a W3C standard, to control the source of content that can be loaded on a page. If the endpoint is not ended with
incountry.io to use third-party APIs that make requests to an external (non-Salesforce) server, add the server as a CSP Trusted Site.
From Setup, enter CSP in the Quick Find box, then select CSP Trusted Sites.
Click New Trusted Site.
On the CSP Trusted Site Definition page, specify the following information:
Trusted Site Name - enter a meaningful name of the trusted site. So, you can understand what country it relates to.
Trusted Site URL - enter the URL address of InCountry REST API. Besides REST API you may also enter the address of InCountry Border. The URL must begin with
https://. It must include a domain name.
Select the context for this trusted site to control the scope of the approval.
In the CSP Directives section, select all the checkboxes.
When complete, click Save.
Repeat the same procedure for other InCountry endpoints if you manage protected data for multiple countries.