4b. Create a Trusted URL

In this step, you create a Trusted URL so that Salesforce's Content Security Policy (CSP) doesn't block the SlapFive embedded screens.

NOTE: This step is new due to Salesforce tightening their Content Security Policy (CSP) settings on June 16, 2025.

Go to Setup > Security > Trusted URLs and click the New Trusted URL button.

When creating the Trusted URL:

API Name: enter SlapFive.
URL: type https://*.slapfive.com. The wildcard is needed to handle different subdomains such as app.slapfive.com, your_client_name.slapfive.com, and auth.slapfive.com.
CSP Context: Leave set to All.
CSP Directives: Check all 6 checkboxes. The critical CSP Directive is frame-src (iframe content), but the iframe can also contain these other elements.

Click the Save button to create the new Trusted URL.

Last updated 7 months ago