FAQ-000161 - CSRF and DML Security Issues / CSRF Token Implementation and Validation


Current FAQ

Question
How should CSRF tokens be properly implemented and validated in Salesforce managed packages?
Answer
To properly implement and validate CSRF tokens in Salesforce managed packages, follow these guidelines:

1. **Visualforce Pages**: Enable the `confirmationTokenRequired` boolean metadata field in the Visualforce page settings. When set to `true`, GET requests to the page require a CSRF token in the URL; if the token is omitted, the page is inaccessible, giving the page built-in CSRF token protection. This can be configured in the Visualforce page settings in the org setup.
2. **Lightning Components (LWC/Aura)**: Avoid performing state changes or DML operations in an Apex controller during component instantiation (for example in `connectedCallback` or `renderedCallback`). Trigger state changes only through user actions, such as button clicks.
3. **Token Validation**: Use a completely random CSRF token with enough entropy to meet security standards; the token is accepted as a mitigation only if it has that entropy. Store the token securely and validate it on the server side before processing any state-changing request.
4. **Custom Headers**: Include the CSRF token in custom headers for API calls or form submissions to ensure secure transmission.
5. **User Interaction**: Require user interaction, such as a button click or confirmation prompt, before initiating any DML operation or upload. Protect all state-changing operations with CSRF tokens.
6. **General Practices**: Require user interaction for any redirection and validate redirections with tokens.
7. **Documentation and Testing**: Document and thoroughly test the implementation. Validate the entropy and effectiveness of the CSRF token as part of the security review process.

These practices align with Salesforce's security guidelines and effectively mitigate CSRF vulnerabilities.
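As an added illustration of items 3 and 5 (this is example code, not from the FAQ or from Salesforce), the Apex controller below issues a random token, keeps the expected value server-side in view state, and runs its only DML path after the token posted back from the form has been validated. The class name, the `deactivateAccount` action and the hidden input bound to `submittedToken` are assumptions; the page markup that carries the hidden field is not shown.

```apex
// Example only: a Visualforce controller with an explicit CSRF token check.
public with sharing class CsrfProtectedController {
    // Expected token lives in view state (server-issued, platform-protected);
    // submittedToken is bound to a hidden input and echoed back on submit.
    private String expectedToken;
    public String submittedToken { get; set; }
    public String statusMessage { get; private set; }

    public CsrfProtectedController() {
        // No DML here: construction runs on GET and must stay side-effect free.
        expectedToken = newToken();
    }

    // Rendered into the hidden input by the page.
    public String getCsrfToken() { return expectedToken; }

    // 256 random bits from the platform CSPRNG, base64-encoded: enough entropy
    // that the value cannot be guessed or brute-forced.
    private static String newToken() {
        return EncodingUtil.base64Encode(Crypto.generateAesKey(256));
    }

    // Length-independent comparison so a mismatch does not reveal how many
    // leading characters were correct.
    @TestVisible
    private static Boolean tokensMatch(String expected, String submitted) {
        if (expected == null || submitted == null
                || expected.length() != submitted.length()) {
            return false;
        }
        Integer diff = 0;
        for (Integer i = 0; i < expected.length(); i++) {
            diff |= expected.charAt(i) ^ submitted.charAt(i);
        }
        return diff == 0;
    }

    // Bound to an apex:commandButton: the only method that performs DML, and it
    // refuses to write unless the posted token matches the one issued.
    public PageReference deactivateAccount() {
        if (!tokensMatch(expectedToken, submittedToken)) {
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR, 'Invalid CSRF token; request rejected.'));
            return null;
        }
        String accountId = ApexPages.currentPage().getParameters().get('id');
        Account acct = [SELECT Id FROM Account WHERE Id = :accountId
                        WITH SECURITY_ENFORCED];
        acct.Description = 'Deactivated via confirmed user action';
        update acct;
        expectedToken = newToken();  // rotate the token after each use
        statusMessage = 'Account updated.';
        return null;
    }
}
```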

AI Recommended Enhancement

Related Security Rules
ApexCSRF, VfCsrf
Reasoning
The existing FAQ content is technically accurate and comprehensive. No significant changes are needed as the content correctly covers CSRF token implementation across Visualforce pages and Lightning components. The answer appropriately emphasizes key security practices like requiring user interaction for state changes, using proper token validation, and ensuring sufficient entropy for tokens. I selected the ApexCSRF rule because this FAQ directly addresses CSRF vulnerabilities in Apex controllers, which is exactly what this PMD rule detects. The FAQ content about avoiding DML operations during component instantiation and requiring user interaction for state changes directly relates to the patterns this rule flags. I selected the VfCsrf rule because the FAQ extensively covers CSRF protection in Visualforce pages, specifically mentioning the `confirmationTokenRequired` metadata field and GET request token validation. This directly corresponds to what the VfCsrf rule checks for in Visualforce page security.