Content Security Policy is now enforced for all Flex applications

Following our earlier announcement, we have applied a Content Security Policy to all Flex applications on flex.twilio.com. This restricts Flex from being rendered in an iframe on unregistered external domains. To continue using Flex within an iframe, including through Salesforce and Zendesk integrations, admins must register their external domains on the Flex Settings page. We have updated our Content Security Policy to prevent potential phishing attacks or abuse by malicious third parties.

Refer to our documentation for more details.