Enable Secure Static Resources for Lightning Components throws error accessing a static resource if its from a package with underscore in namespace
Last updated 2021-08-17 ·Reference W-8561166 ·Reported By 78 users
"Enable Secure Static Resources for Lightning Components" throws a CORS error accessing a static resource if its from a package which has underscore in namespace.
Steps to repro
1. In a Winter’21 org
2. Create "test.js" with some valid js content and place it into a folder
3. Zip the folder and upload to the org under 'Static Resources' (name = resource)
4. Create Package with underscore in the namespace (test_namespace)
5. Add the static resource into the package and upload
6. Sign up fresh org and install the package.
7. Turn on "Enable Secure Static Resources for Lightning Components" in Release Updates
8. Install Package
9. Create Lightning Component
<aura:component access="GLOBAL" implements="flexipage:availableForAllPageTypes,force:hasRecordId,force:appHostable">
<ltng:require scripts="$Resource.test_namespace__resource + '/test.js'}"/>
10. Create Lightning Tab and chose created Lightning Component.
11. Open the Lightning Tab.
12. Check CORS errors in Chrome DevTools.
NOTE: The same repro works in the packaging org. It fails only in the installed org.
Remove the underscore from the namespace.
This release update has been postponed indefinitely while we change the implementation to reduce customer impact. The release update won't be enforced in its present form. Please do not enable it.
Please refer: https://help.salesforce.com/s/articleView?id=release-notes.rn_lc_secure_static_resources_update.htm&type=5&release=232
Reported By (78)
Is it Fixed?
Any unreleased services, features, statuses, or dates referenced in this or other public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make their purchase decisions based upon features that are currently available.