How to configure CSP Trusted Sites

Customers using the CSP Trusted Sites feature may receive a 500 or 502 server internal error if the HTTP header size exceeds the limit of 8 KB. We recommend that you review your trusted sites, deselect directives that aren't relevant for the site and use the wildcard character (*) when appropriate to reduce repetition.

Step-by-step guide

  1. Navigate to the Salesforce Setup:

    • If you’re using Lightning Experience, click the settings icon, then select Setup Home.

    • If you’re using Salesforce Classic and you see Setup in the user interface header, click it. 

    • If you’re using Salesforce Classic and you don’t see Setup in the header, click your name, then select Setup.

  2. Enter "CSP Trusted Sites" in the Quick Find box, then select the appropriate page from the menu.

  3. Search for the following entries and delete them by pressing "Del" under the "Action" column on the specific row of the listed entry:

  4. Now, let’s edit the CSP Directives for the remaining entries. Search for the following entries and edit them by pressing "Edit" under the "Action" column on the row where the entry is listed:

    • AWS_prod: https://social25-prod.s3.amazonaws.com

      • Click "Edit" and navigate under the CSP Directives section.

      • Check the checkboxes next to "Allow site for img-src" and "Allow site for media-src", and uncheck the rest of the checkboxes.

      • Press "Save".

    • AWS_staging: https://social25-staging.s3.amazonaws.com 

      • Click "Edit" and navigate under the CSP Directives section.

      • Check the checkboxes next to "Allow site for img-src" and "Allow site for media-src", and uncheck the rest of the checkboxes.

      • Press "Save".

    • Social25_Api_Prod: https://social25.herokuapp.com

      • Click "Edit" and navigate under the CSP Directives section.

      • Check the checkbox next to "Allow site for connect-src", and uncheck the rest of the checkboxes.

      • Press "Save".

    • Social25_Api_Staging: https://social25-staging.herokuapp.com

      • Click "Edit" and navigate under the CSP Directives section.

      • Check the checkbox next to "Allow site for connect-src", and uncheck the rest of the checkboxes.

      • Press "Save".

  5. Finally, we can add the following entries by clicking "New Trusted Site":

    • Giphy: https://*.giphy.com

      • Under General Information, enter Giphy as the Trusted Site Name and https://*.giphy.com as the Trusted Site URL.

      • Under CSP Directives, check the checkboxes next to "Allow site for connect-src" and "Allow site for img-src", and uncheck the rest of the checkboxes. Press "Save & New".

    • Pusher: https://*.pusher.com

      • Under General Information, enter Pusher as the Trusted Site Name and https://*.pusher.com as the Trusted Site URL.

      • Under CSP Directives, check the checkbox next to "Allow site for connect-src", and uncheck the rest of the checkboxes.

      • Press "Save & New".

    • Pusher_Wss: wss://*.pusher.com 

      • Under General Information, enter Pusher_Wss as the Trusted Site Name and wss://*.pusher.com as the Trusted Site URL.

      • Under CSP Directives, check the checkbox next to "Allow site for connect-src", and uncheck the rest of the checkboxes.

      • Press "Save & New".

    • Instagram_CDN: https://lookaside.fbsbx.com

      • Note: You do not need to create this entry unless you plan to use the Instagram Platform.

      • Under General Information, enter Instagram_CDN as the Trusted Site Name and https://lookaside.fbsbx.com as the Trusted Site URL.

      • Under CSP Directives, check the checkboxes next to "Allow site for img-src" and "Allow site for media-src", and uncheck the rest of the checkboxes.

      • Press "Save".

  6. After making changes to the CSP Trusted Sites, all the users of the org should clear their browser cookies and hard-refresh the Salesforce browser tabs/windows to make sure that the new configuration propagates as expected.
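
To verify the result of steps 4 and 5, the following Python script (an added example, not part of the original guide and not Salesforce or Social25 code) compares a list of trusted sites with the directive sets chosen above and estimates the header size against the 8 KB limit. The input format, the function names and the way the header is assembled (each URL repeated under every directive selected for it) are assumptions.

```python
# Added example: audit trusted sites against the directive sets from steps 4 and 5.
EXPECTED = {  # URL -> directives this guide selects for it
    "https://social25-prod.s3.amazonaws.com": {"img-src", "media-src"},
    "https://social25-staging.s3.amazonaws.com": {"img-src", "media-src"},
    "https://social25.herokuapp.com": {"connect-src"},
    "https://social25-staging.herokuapp.com": {"connect-src"},
    "https://*.giphy.com": {"connect-src", "img-src"},
    "https://*.pusher.com": {"connect-src"},
    "wss://*.pusher.com": {"connect-src"},
    "https://lookaside.fbsbx.com": {"img-src", "media-src"},  # Instagram only
}
HEADER_LIMIT = 8 * 1024  # the 8 KB limit named at the top of this guide


def audit(sites):
    """sites: {url: set of selected directives} (assumed export format).
    Returns (extra, missing): directives to uncheck and to check, per URL."""
    extra, missing = {}, {}
    for url, want in EXPECTED.items():
        have = sites.get(url)
        if have is None:
            continue  # entry absent, e.g. Instagram_CDN when Instagram is unused
        if have - want:
            extra[url] = have - want
        if want - have:
            missing[url] = want - have
    return extra, missing


def estimated_csp_bytes(sites):
    """Assumed model: a URL appears once under every directive selected for it."""
    by_directive = {}
    for url, directives in sites.items():
        for name in directives:
            by_directive.setdefault(name, []).append(url)
    parts = [f"{name} {' '.join(sorted(urls))}"
             for name, urls in sorted(by_directive.items())]
    return len("; ".join(parts).encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample: one entry left with extra boxes checked, one too narrow.
    current = {
        "https://social25.herokuapp.com": {"connect-src", "img-src", "font-src"},
        "https://*.giphy.com": {"connect-src"},
    }
    extra, missing = audit(current)
    print("uncheck:", extra)
    print("check:", missing)
    print("bytes:", estimated_csp_bytes(current), "of", HEADER_LIMIT)
```

Trusted sites that are not part of this guide are ignored by `audit` but still count toward the size estimate, so pass the full list when checking against the limit.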
