How do I address Anti-CSRF token issues identified by Chimera scanner?
Answer
To address Anti-CSRF token issues identified by the Chimera scanner:
1. **Enable Anti-CSRF Token Setting**: Ensure the anti-CSRF token setting is enabled when using Visualforce (VF) pages to call Lightning Aura Components.
2. **Set Access Value**: Configure the access value for the Aura component to either 'Private' or 'Public' to restrict access within the namespace.
3. **Avoid Using Init Function**: If the Aura component contains DML operations, do not use the init function.
These steps help protect against CSRF attacks, especially when the Aura component is accessed only through the VF page.
How do I address Anti-CSRF token issues identified by Chimera scanner?
Recommended Answer Update
To address Anti-CSRF token issues identified by the Chimera scanner:
1. **Enable Anti-CSRF Token Setting**: Ensure this setting is enabled when using Visualforce pages to call Lightning Aura Components.
2. **Set Access Value**: Configure the access value for the Aura component to either 'Private' or 'Public' to restrict access within the namespace.
3. **Avoid Using Init Function**: If the Aura component contains DML operations, avoid using the init function.
These steps help protect against CSRF attacks, especially when the Aura component is accessed only through the Visualforce page.
Reasoning
The content is accurate and well-structured. I made only minor improvements for clarity: changed 'do not use' to 'avoid using' for a more positive tone, and simplified the abbreviation 'VF' to spell out 'Visualforce' in the first mention for clarity. I selected ApexCSRF and VfCsrf rules because they directly relate to the FAQ's content: ApexCSRF detects CSRF vulnerabilities in Apex controllers (severity 1), and VfCsrf identifies CSRF issues in Visualforce pages (severity 2). The FAQ specifically addresses 'Anti-CSRF token issues identified by Chimera scanner' and provides guidance on 'using Visualforce pages to call Lightning Aura Components' and protecting 'against CSRF attacks' - this matches exactly what these rules detect and help prevent.
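The following is an added example illustrating steps 2 and 3 of both versions of the answer above; it is not part of the original FAQ or of any Salesforce documentation. It shows a hypothetical Aura component (`OrderComponent`, with a hypothetical Apex controller `OrderService` exposing an `@AuraEnabled` method `createOrder` that performs DML) in the pattern a scanner would flag, beside the hardened form. The org-level anti-CSRF token setting from step 1 is configured in Setup rather than in component markup, so it is not shown.

```xml
<!-- BEFORE: pattern the scanner flags (hypothetical component). -->
<!-- access="global" exposes the component outside its namespace, and the
     init handler runs as soon as the component loads, so a page that merely
     loads this component causes c.doInit to call the Apex method
     OrderService.createOrder (which performs DML) with no user action. -->
<aura:component controller="OrderService" access="global">
    <aura:handler name="init" value="{!this}" action="{!c.doInit}"/>
    <p>Your order is being created...</p>
</aura:component>

<!-- AFTER: hardened form of the same component. -->
<!-- access="public" limits the component to its own namespace (step 2), and
     there is no init handler: the DML in OrderService.createOrder runs only
     when the user explicitly clicks the button (step 3). The client-side
     controller action c.createOrder simply enqueues the Apex call. -->
<aura:component controller="OrderService" access="public">
    <lightning:button label="Create order" onclick="{!c.createOrder}"/>
</aura:component>
```

When a Visualforce page hosts the component, the hardened version keeps the DML behind a deliberate user interaction, which is what the anti-CSRF token protects; an init handler that performs DML would bypass that protection because the request is issued automatically on page load.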