Introduction to Content Security Policy!
Content Security Policy (CSP) is a standard defined by W3C that helps protect against cross-site scripting (XSS) and other code injection attacks.
It sets rules to control the source of content that can be loaded on a page.
Here are the key points to understand about CSP:
1. Page-Level Enforcement:
All CSP rules work at the page level and apply to all components and libraries.
2. Objective:
The main objective of CSP is to prevent cross-site scripting (XSS) and other code injection attacks.
3. Controlled Content Source:
CSP imposes restrictions on content by defining rules to control the source of content that can be loaded on a page.
4. Restrictions on JavaScript:
CSP directives apply to client-side JavaScript and can restrict inline JavaScript in HTML.
5. Used in Lightning Component Framework:
The Lightning Component framework uses CSP to enforce restrictions on content and prevent attacks.
6. JavaScript Library Restriction:
JavaScript libraries can only be referenced from your organization, and external libraries must be uploaded as static resources.
7. Resource Location:
Resources such as fonts, images, videos, CSS, and scripts must be located within your organization by default.
8. Access to Third-Party Resources:
CSP directives can be modified to allow access to third-party resources by adding CSP Trusted Sites.
9. HTTPS Requirement:
HTTPS connections are required for all resources, whether they are served from within your organization or accessed through a CSP Trusted Site.
10. Inline JavaScript Restriction:
Inline JavaScript is disallowed, meaning that script tags cannot contain inline code and HTML event-handler attributes (such as onclick) cannot contain inline scripts.
11. Violation Logging:
CSP violations are logged in the browser's developer console.
If the functionality of your app is not affected, you can ignore them.
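As an added example that is not part of the original page or of the Lightning Component framework's own code, the following JavaScript models the source-matching rules the list above describes: per-directive source lists with fallback to default-src, 'self' bound to the page origin, HTTPS-only host sources, and inline script blocked unless 'unsafe-inline' is present. The policy string, page origin and host names are constructed; nonces, hashes, ports and paths are not modelled.

```javascript
// Parse a Content-Security-Policy header value into { directiveName: [sources] }.
function parseCsp(header) {
  const directives = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive name is ignored by browsers; the first occurrence wins.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Fetch directives (script-src, img-src, font-src, ...) fall back to default-src.
function sourcesFor(policy, directive) {
  return policy[directive] || policy['default-src'] || [];
}

// Does one source expression permit the URL? pageOrigin is e.g. "https://myorg.example".
function matchesSource(src, url, pageOrigin) {
  if (src === "'none'") return false;
  if (src === "'self'") return url.origin === pageOrigin;
  if (src === 'https:') return url.protocol === 'https:';           // scheme-source
  const m = /^(https?:)\/\/(\*\.)?([^\/:]+)(?::\d+)?\/?$/.exec(src); // host-source
  if (!m) return false;                                              // keywords not modelled here
  const [, scheme, wildcard, host] = m;
  if (url.protocol !== scheme) return false;                         // http:// never matches https://
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// Would loading resourceUrl under `directive` be permitted by this policy?
function isLoadAllowed(header, directive, resourceUrl, pageOrigin) {
  const url = new URL(resourceUrl);
  return sourcesFor(parseCsp(header), directive).some(s => matchesSource(s, url, pageOrigin));
}

// Inline <script> bodies and on* handler attributes are blocked unless script-src
// (or default-src as fallback) carries 'unsafe-inline'; a locked-down policy never does.
function isInlineScriptAllowed(header) {
  return sourcesFor(parseCsp(header), 'script-src').includes("'unsafe-inline'");
}

// Constructed policy resembling the restrictions listed above: same-origin by default,
// one trusted script host (a "CSP Trusted Site"), images from any HTTPS host.
const LOCKED_DOWN = "default-src 'self'; script-src 'self' https://cdn.trusted.example; img-src 'self' https:";
const PAGE_ORIGIN = 'https://myorg.example';
```

A blocked load under this model corresponds to the violation the browser reports in its developer console.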