SharePoint Online will enforce Content Security Policy (CSP) for all tenants starting March 1, 2026. Scripts from untrusted sources will be blocked, with major impact on SPFx solutions using external scripts or inline JavaScript.
ℹ️
Key Facts:
Organizations should review CSP violations in Microsoft Purview Audit logs and add trusted script sources in SharePoint Admin Center (Advanced → Script sources) before enforcement begins. Inline scripts must be refactored to external files – this requires updating the SPFx solution.
Sources: MC1193419 · Microsoft Learn
