# 4b. Create a Trusted URL

{% hint style="info" %}
NOTE: This step is new due to Salesforce tightening their Content Security Policy (CSP) settings on June 16, 2025.
{% endhint %}

Go to **Setup** > **Security** > **Trusted URLs** and click the **New Trusted URL** button.

When creating the Trusted URL:

* [ ] **API Name:** enter *SlapFive*.
* [ ] **URL:** type *https\://\*.slapfive.com*. The wildcard is needed to handle different subdomains such as app.slapfive.com, your\_client\_name.slapfive.com, and auth.slapfive.com.
* [ ] **CSP Context:** Leave set to *All*.
* [ ] **CSP Directives:** Check all 6 checkboxes. The critical CSP Directive is *frame-src (iframe content)*, but the iframe can also contain these other elements. 

Click the **Save** button to create the new Trusted URL.