Genesys Cloud - Main

 View Only

Discussion Thread View

  • 1.  Genesys Cloud for Salesforce embedded client: Adopt updated CSP directives

    Posted 07-23-2024 11:29

    Hello,

    Salesforce communicated on the following release update, that will be enforced in the Winter 25 release: Adopt Updated Content Security Policy (CSP) Directives (Release Update)

    The consequence is that the Genesys Cloud for Salesforce embedded client stops working when the release update is activated: the solution is, on Salesforce side, to add a new "Trusted URLs", with the URL that matches your region, like "*.mypurecloud.de"

    Will Genesys communicate on this, and update the package to add the trusted URLs by default?


    #API/Integrations


  • 2.  RE: Genesys Cloud for Salesforce embedded client: Adopt updated CSP directives

    Posted 07-24-2024 22:44

    Thanks for posting this Bertrand.  Will be keen to see what feedback Genesys gives.  It sounds like SF admins can enable this now so curious if any org has had this done and what it's actually done to the widget.



    ------------------------------
    Vaun McCarthy
    ------------------------------

    Original Message


  • 3.  RE: Genesys Cloud for Salesforce embedded client: Adopt updated CSP directives

    Posted 07-25-2024 05:25

    We tried on a Salesforce Sandbox to enable it: the consequence on the widget is that is simply can't load, it gives a blank screen like in this screenshot.

    If you go to the browser console, you can see a message like:

    Content-Security-Policy: The page's settings blocked the loading of a resource (frame-src) at https://apps.mypurecloud.de/crm/index.html?crm=salesforce&color=darkblue&mode=Lightning&isdtp=vw&sfdcIframeOrigin=https%3A%2F%2Fxxxxxxxxxxxxxxxxxxxxxxxx.sandbox.lightning.force.com&nonce=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&ltn_app_id=xxxxxxxxxxxxxxxxxxxxxxx&clc=1 because it violates the following directive: "frame-src

    We found this issue while getting ready for the next Saleforce release: by activating this release update, we noticed that Genesys Cloud embedded client wasn't working anymore.


    Original Message


  • 4.  RE: Genesys Cloud for Salesforce embedded client: Adopt updated CSP directives

    Posted 08-29-2024 10:59

    Did Genesys ever respond to this?

    We have the same issue and need it resolved



    ------------------------------
    Dan Skill
    Individual Only Contact Account
    ------------------------------

    Original Message


  • 5.  RE: Genesys Cloud for Salesforce embedded client: Adopt updated CSP directives

    Posted 08-30-2024 10:08

    Hello Dan,

    I created a ticket to Genesys, they said they will come back with an update on this.

    In the meantime, I found by accident that the documentation has been updated already.

    Here: https://help.mypurecloud.com/articles/about-genesys-cloud-for-salesforce/

    • Salesforce has updated the delivered CSP directives for Lightning pages, which can prevent the externally hosted fonts and images from loading. It can also prevent external websites from loading within an iframe on your Lightning pages. To prepare for this change, update your trusted URLs in Salesforce. For more information, see Adopt Updated Content Security Policy (CSP) Directives (Release Update). To successfully embed the client within Salesforce, administrators must add the Genesys Cloud region domains as the trusted URLs in Salesforce. For more information, see Change the region of your Genesys Cloud organization.

    And here: https://help.mypurecloud.com/articles/change-the-region-of-your-genesys-cloud-organization/

    They added some new details to "Add your Genesys Cloud region domains as trusted URLs in Salesforce".

    You can follow the steps from this documentation and it should be enough.


    Original Message


  • 6.  RE: Genesys Cloud for Salesforce embedded client: Adopt updated CSP directives

    Posted 08-30-2024 12:19

    Hi Bertrand,
    Yes I saw that updated article Last night and did that. It's working.

    Thanks for your response





    Original Message


  • 7.  RE: Genesys Cloud for Salesforce embedded client: Adopt updated CSP directives

    Posted 08-31-2024 07:23

    We also ran into this issue last week when our Salesforce admins upgraded their Sandbox environment. At that time the Genesys Resource Center hadn't been updated, so we stumbled across the fix after reviewing network logs & searching the Salesforce forum for "CSP errors". We alerted our Genesys Account Team and are glad to see the Resource Center has been updated since. I didn't think to search our Genesys Cloud Community forums last week for this issue.

    It's worth noting our Salesforce admins had to first back out the security policy update, add the Trusted URLs in SF (e.g. for us it was https://*.mypurecloud.com), and then they implemented the new Salesforce security policy (CSP). That order of operations may not apply to others, but was required for us. As a result, we have had them proactively add the trusted URL in our Salesforce production environment to avoid issues there.



    ------------------------------
    Brian T. Jones | Ascension | Senior Specialist - Technology
    ------------------------------

    Original Message


  • 8.  RE: Genesys Cloud for Salesforce embedded client: Adopt updated CSP directives
    Best Answer

    Posted 09-04-2024 07:24

    Hello Bertrand,

    From the Salesforce documentation i can read that the update is canceled :

    https://help.salesforce.com/s/articleView?id=release-notes.rn_security_other_updated_csp_ru.htm&release=252&type=5

    Adopt Updated Content Security Policy (CSP) Directives (Release Update)

    This update is canceled. Salesforce isn't enforcing the Adopt updated CSP directives setting at this time. However, to help protect your org from cross-site scripting and other code-injection attacks, we continue to encourage you to enable that setting now. To help you adopt this change, Salesforce plans to improve the reporting on restricted frames, images, and fonts in a future release. When that reporting is available, Salesforce plans to introduce a new release update to enforce the setting.

    So no activities are needed in the near future to keep using the embedded widget , or i am missing something ?



    ------------------------------
    Alessandro Casolla
    Genesys - Employees
    ------------------------------

    Original Message


Need Help finding something?

Check out the Genesys Knowledge Network - your all-in-one access point for Genesys resources