| Status | Done | Related work item | PLTFM-2721 |
| Description | As part of Salesforce's Summer '24 release, Salesforce is updating the content security policy (CSP) directives for Lightning pages. This prevents Microsoft 365 domains that are embedded as iframes in Lightning pages from loading and may prompt an error in your browser. For more information about the release update, reference Salesforce's documentation. | | |
| Affects version(s) | All versions | Impacted capabilities | N/A |
| Steps to reproduce | 1. Ensure that your org has both of the following: - the Salesforce Summer '24 release with the Adopt Updated Content Security Policy (CSP) Directives release update enabled - the Microsoft 365 integration 2. Create a Document record with a Microsoft 365 file (e.g., upload a .doc file). 3. Check out the document in Microsoft 365. 4. Check the document back in. In the Check In Document modal, notice how the preview of the Microsoft 365 file does not load. | | |
| Workaround | To ensure that Microsoft 365 iframes load as expected, configure Microsoft 365 as a trusted site: 1. In Settings, search for and select Trusted URLs. 2. Create five new trusted URLs. API Name URL -------------------- ------------------------------------------------- Office *.mcm.mavens.com Office_Auth *.mcm.auth.mavens.com MCM_KomodoHealth *.mcm.komodohealth.com MCM_Auth_Staging mcm--staging.auth.us-west-1.amazoncognito.com MCM_Auth mcm.auth.us-west-1.amazoncognito.com 1. Under CSP Directives, check all of the checkboxes for every trusted URL. - connect-src (scripts) - font-src (fonts) - frame-src (iframe content) - img-src (images) - media-src (audio and video) - style-src (stylesheets) 2. Leave all other values as they are. For more information about CSP rules and trusted URLs, reference Salesforce's documentation. | | |
| Fix version | Fall '24 | Resolution notes | N/A |