Prepare for updates to format requirements for trusted URLs that define your site’s content security policy, which are designed to help prevent code injection attacks. Learn about security and usability updates and a new authorization flow for Salesforce Customer Identity. The Salesforce-managed app for the Twitter authentication provider is no longer supported.
- Prepare for Upcoming CSP Changes
To help prevent code injection attacks, Salesforce plans to update the system-defined trusted URLs that define your site’s content security policy (CSP) in Winter ’25. Prepare for this change by reviewing the impacted resources and updating your trusted URLs.
- Identity and Access Management Enhancements for Experience Cloud
For Salesforce Customer Identity, take advantage of security and usability updates and a new authorization flow.
- Built-In Salesforce-Managed App for the Twitter Authentication Provider Is Being Retired
The Salesforce-managed app for the Twitter authentication provider is being retired in Spring ’24. To ensure that your users can still log in to your Experience Cloud site via single sign-on (SSO) with X (formerly known as Twitter), update your authentication provider configuration.
- Record Access Is Secure by Default after Enabling Digital Experiences
In Salesforce orgs created on February 8, 2024 or later, after you enable digital experiences, records shared with the Roles and Internal Subordinates group through sharing rules or other features remain accessible only to those internal users. In orgs created before February 8, 2024, records shared with internal users are still made available to external site users automatically, and you must use the Convert External User Access wizard to secure access.
