Salesforce Communities / Experience

Modified on Tue, 23 Apr at 10:43 PM

Salesforce Communities / Experience

Experience builder CSP security level

In the Security & Privacy section of the experience builder settings is a subsection called Content Security Policy (CSP). The setting "Security Level" needs to be set to "Relaxed CSP: Permit Access to Inline Scripts and Allowed Hosts". This unlocks the ability to set CSPs for Talkative URLs.

Experience Builder Trusted Sites

The following are a list of sites that need to be added to the "Trusted Sites for Scripts" subsection found in the "Security & Privacy" section of the experience builder.

CSP Trusted Sites

These sites need to be added to the org's CSP trusted sites list. This can be found in the settings area of the main org (not in the experience builder). Go to Settings, then in the sidebar menu search box type "CSP Trusted Sites". Click the link in the sidebar to take you to the index page that allows you to create new CSP trusted site entries.

  • Engage s3 bucket
    • reason: handles file uploads / avatar
    • URL, either:
      • https://us-engage-app.s3.us-east-2.amazonaws.com/
      • https://eu-engage-app.s3.eu-west-1.amazonaws.com/ 
    • allow: img-src, media-src
    • context: Experience Builder Sites
  • Engage main site:
  • sentry
    • reason: error logging
    • url: https://sentry.io
    • allow: connect-src
    • context: Experience Builder Sites
  • pusher sockjs
  • pusher websocket
    • reason: websockets realtime connection
    • URL, either: 
      • wss://ws-us2.pusher.com 
      • wss://ws-eu.pusher.com 

    • allow: connect-src
  • Talkative video CDN
    • reason: WebRTC-powered voice/video connection
    • URL: https://talkative-cdn.com/
  • Cobrowse
    • reason: websocket connection for cobrowse connection
    • URL, either:
      • wss://eu.talkative-ws.com/
      • wss://us.talkative-ws.com/

Adding script snippet

In the experience builder settings, go to the "Advanced" section, then click "Edit head markup". Then paste the snippet into the newly opened code editor.


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article