Overview
Starting March 1, 2026, Microsoft will begin enforcing Content Security Policy (CSP) in SharePoint Online, which may affect Learn365 web parts that have been configured for your organization.
What is CSP and how does it work in SharePoint online?
CSP is a set of rules that defines which locations scripts are allowed to load from. When a Learn365 web part tries to load an external script, the browser first checks the site’s Content Security Policy. If the script comes from an approved location, the browser loads it as expected. If the location isn't approved by the CSP rules, the browser blocks the script and records an error in the browser console.
This Microsoft help center article describes several ways of enforcing CSP, of which Learn365 uses Option 1. This means that SharePoint automatically adds the base Learn365 domain to a list of trusted sources in the SharePoint Admin Center during Learn365 installation, which is:
- https://assets.365.systems/assets/js/ for commercial tenants
- https://assets.usgcc365.systems/assets/js/ for US Government tenants.
What should I do if Learn365 web parts don't load due to the enforced Content Security Policy?
Required role: SharePoint admin or Microsoft365 Global admin.
1. Go to the page where the Learn365 web part doesn't load.
2. Check the browser console for any errors describing CSP violations, along with the URLs that caused the error.
3. Go to your SharePoint admin center.
4. On the left navigation bar, expand Advanced and select Script sources. The Trusted script sources page opens, which lists trusted sources in the Source expression column, along with their Status and Modified date.
5. Check if the list contains all the sites that you load scripts from.
6. If you know and trust the source of the script that caused the error, you can add it to the list of trusted sources as required.
Comments
Article is closed for comments.