If you receive an error message like the below, you need to modify your CSP Sites.
Salesforce Changes to CSP Security Settings
With Spring 19 release, Salesforce enabled Strict CSP Security settings for new Lightning Communities by default. For existing communities, the default setting is: Allow Inline Scripts and Script Access to Any Third-party Host. Salesforce will be retiring this setting in Winter '20 release according to the SP19 release notes.
At Formstack, we take security seriously. To keep serving our forms seamlessly and to comply with Salesforce security, we have added 2 CSP Trusted Sites as part of our managed package.
You can find those in Setup, enter CSP in the Quick Find box, then select CSP Trusted Sites.
Actions to be taken by customers
New Customers (new installs - 3.71+)
- No action needed. CSP sites are added and enabled automatically.
- We recommend all customers enable our CSP trusted sites for Formstack to function properly in a Community. This is required when your org is configured for strict security settings.
- Make sure the following settings in the screenshot below are active.