Skip to content
Item Detail
2H 2025 Edit
Content Security Policy Feature Available in Admin Center with Enhancement
General Availability Info Only Automatically On Impact: Low AI Enriched
Description

We've moved Content Security Policy (CSP) settings from Provisioning to Admin Center, along with your existing configurations. As a system administrator, you can now enable CSP and configure a URI allowlist. Previously, these tasks could only be done in Provisioning by an implementation partner. We've also enhanced this feature to allow you to add trusted domains for your CSP.See More

Detailed Description

As a system administrator, you can now enable CSP and configure a URI allowlist. We've also enhanced this feature to allow you to add trusted domains for your CSP. Here are the details: In the Application Security Feature Settings admin tool, you can enable CSP to block untrusted content and do the following configurations as needed: Manage a list of trusted page URIs to allow loading all resources in those pages.

Impact Assessment

This feature has limited impact but should be reviewed to confirm alignment with business processes in Security and Compliance implementations. As a system administrator, you can now enable CSP and configure a URI allowlist. We've also enhanced this feature to allow you to add trusted domains for your CSP. Implementation teams should verify that existing configurations remain valid and test core business scenarios after the upgrade to confirm correct behavior.

Test Recommendations
• Verify the feature is enabled and accessible from the expected navigation path or configuration area in a test environment. • Test the end-to-end scenario with representative test data covering both happy paths and error conditions. • Validate correct behavior across all relevant user roles and permission configurations (admin, manager, employee). • Test edge cases: empty or missing values, boundary conditions, concurrent users, and large data sets. • Confirm that existing integrations, workflows, and downstream processes are not affected by the change. • Validate report and dashboard output accuracy against source data and prior runs. • Test feature visibility and access controls across different RBP roles to confirm correct enforcement.
Product: Platform
Modules: Security and Compliance
Feature: Not Applicable
Reference: SFASE-2618
Version: 2H 2025
Valid as Of: Nov 14, 2025
Latest Revision: Oct 03, 2025
Affected Areas:
Analytics & Reporting Platform & Administration Role-Based Permissions Security & Authentication Security and Compliance