Jannu Sairam

When to use what for external sources: CSP Trusted Sites, CORS, and Remote Site Settings?

Swetha (Salesforce Developers)
Hi Sairam,

In Salesforce, there are three main options available to access external sources securely: CSP Trusted Sites, CORS, and Remote Site Settings. 

Basically, CSP Trusted Sites is used to load external resources, CORS is used to make API calls to external servers, and Remote Site Settings is used to grant access to external servers for HTTP/HTTPS callouts.
  • CSP Trusted Sites: Content Security Policy (CSP) is a security feature that helps to mitigate cross-site scripting (XSS) attacks. CSP Trusted Sites is used when you want to allow content from external sites to be loaded into your Visualforce pages or Lightning components. By adding the external site URL to your list of trusted sites, you can ensure that any content loaded from that site is secure and won't introduce any security vulnerabilities. CSP Trusted Sites is typically used when loading external JavaScript libraries, images, or other resources.

  • CORS: Cross-Origin Resource Sharing (CORS) is a security feature that allows you to control access to external resources by defining which domains are allowed to access them. CORS is used when you want to make a cross-domain request from your Visualforce page or Lightning component to an external server. By enabling CORS for the external server, you can ensure that the request is authorized and secure. CORS is typically used when making API calls to external servers.

  • Remote Site Settings: Remote Site Settings is used when you want to grant access to an external server that your Visualforce page or Lightning component will access. By adding the external server URL to your list of remote site settings, you can ensure that the request is authorized and secure. Remote Site Settings is typically used when making HTTP or HTTPS callouts from your Visualforce page or Lightning component to an external server.

More details on the comparisons are provided at https://trailhead.salesforce.com/trailblazer-community/feed/0D54S00000A9CKJSA3

https://stackoverflow.com/questions/39488241/what-is-the-difference-between-cors-and-csps#:~:text=CORS%20allows%20a%20site%20A,as%20a%20defence%20against%20XSS)

If this information helps, please mark the answer as best. Thank you
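
An added illustration, not part of the answer above and not Salesforce code: a simplified JavaScript model of how a browser applies CSP and CORS to a cross-origin `fetch()`, showing that CSP is evaluated against the calling page's policy and CORS against the remote server's response headers. The function names and the `example.test` hostnames are assumptions made for this example, and only basic `scheme://host` and `*.host` CSP sources are modelled.

```javascript
// Simplified model of two browser-side checks. Hostnames are constructed.

// CSP: the PAGE's own policy decides which origins it may load from or call.
function cspAllows(policy, directive, url) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives.set(name.toLowerCase(), sources);
  }
  // Fetch directives such as connect-src fall back to default-src.
  const sources = directives.get(directive) ?? directives.get('default-src');
  if (!sources) return true; // nothing restricts this resource type
  const target = new URL(url);
  return sources.some((src) => {
    if (src === '*') return true;
    // Only scheme://host and *.host are modelled; keywords, ports, paths are not.
    const m = /^(?:(https?):\/\/)?(\*\.)?([a-z0-9.-]+)$/i.exec(src);
    if (!m) return false;
    const [, scheme, wildcard, host] = m;
    if (scheme && target.protocol !== scheme.toLowerCase() + ':') return false;
    const name = target.hostname, h = host.toLowerCase();
    return wildcard ? name.endsWith('.' + h) : name === h;
  });
}

// CORS: the SERVER's response decides which calling origins may read it.
function corsAllowsRead(pageOrigin, responseHeaders, withCredentials = false) {
  const acao = responseHeaders['access-control-allow-origin'];
  if (!acao) return false;
  if (acao === '*') return !withCredentials; // wildcard never covers credentials
  if (acao !== pageOrigin) return false;
  return !withCredentials ||
    responseHeaders['access-control-allow-credentials'] === 'true';
}

// Order applied to fetch(): CSP before sending, CORS on the response.
function fetchOutcome(pageOrigin, pagePolicy, url, responseHeaders) {
  if (!cspAllows(pagePolicy, 'connect-src', url)) return 'blocked by page CSP';
  if (new URL(url).origin === pageOrigin) return 'allowed (same origin)';
  return corsAllowsRead(pageOrigin, responseHeaders)
    ? 'allowed' : 'blocked by CORS';
}
```

A request can pass the page's CSP and still be unreadable because the remote server did not return a matching `Access-Control-Allow-Origin` header, which is why the two settings are configured on different sides.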