FAQ-000215 - CSRF and DML Security Issues / General CSRF Prevention and Best Practices


Current FAQ

Question
What are the correct methods for implementing CSRF protection across different Salesforce contexts?
Answer
To implement CSRF protection across different Salesforce contexts, follow these methods:

1. **Visualforce Pages**: Enable the `confirmationTokenRequired` boolean metadata field in the Visualforce page settings. When it is set to `true`, GET requests to the page require a CSRF token in the URL, so the page cannot be loaded without the token. Configure this in the Visualforce page settings in the org setup.
2. **Lightning Web Components (LWC) and Aura**: Do not perform state-changing or DML operations in an Apex controller while it is being instantiated. Instead, trigger state changes through explicit user actions, such as button clicks.
3. **General Practices**: Ensure that every form submission and state-changing operation is triggered by a user action. Do not execute DML on page initialization, because that bypasses the platform's default CSRF protection.

These steps effectively mitigate CSRF vulnerabilities in Salesforce environments.
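The two controller patterns this answer contrasts, shown as an added Apex example that is not part of the FAQ or of the ApexCSRF/VfCsrf rules it cites; the class names, the `id` URL parameter and the page markup in the comments are constructed for illustration:

```apex
// Pattern the answer warns against: DML runs while the controller is
// instantiated, i.e. on a plain GET of the Visualforce page. No form is
// submitted, so the platform's anti-CSRF token is never checked, and the
// ApexCSRF rule flags DML placed in a constructor like this one.
public with sharing class AccountCleanupBad {
    public AccountCleanupBad() {
        Id accId = ApexPages.currentPage().getParameters().get('id');
        delete [SELECT Id FROM Account WHERE Id = :accId];
    }
}

// Hardened pattern: the constructor only reads state. The delete lives in
// an action method bound to a button, so it runs only when the user submits
// the <apex:form>, a POST that carries the platform's CSRF token.
public with sharing class AccountCleanupGood {
    public Id accId { get; private set; }

    public AccountCleanupGood() {
        // Read-only setup on page load; no state change here.
        accId = ApexPages.currentPage().getParameters().get('id');
    }

    // Invoked by the commandButton below, never on page load.
    public PageReference deleteAccount() {
        if (accId == null) {
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR, 'No record selected.'));
            return null;
        }
        delete new Account(Id = accId);
        // Return to the Account list view ('/001') after the delete.
        return new PageReference(
            '/' + Account.SObjectType.getDescribe().getKeyPrefix());
    }
}

// Page markup for the hardened controller (AccountCleanupGood.page):
//   <apex:page controller="AccountCleanupGood">
//     <apex:form>
//       <apex:pageMessages/>
//       <apex:commandButton value="Delete account" action="{!deleteAccount}"/>
//     </apex:form>
//   </apex:page>
// In AccountCleanupGood.page-meta.xml, additionally set
//   <confirmationTokenRequired>true</confirmationTokenRequired>
// so that even a GET of the page is refused unless a CSRF token is present.
```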

AI Recommended Enhancement

Related Security Rules
ApexCSRF, VfCsrf
Reasoning
The FAQ content is accurate and well-structured, covering the key CSRF protection methods across different Salesforce contexts. No significant changes are needed as the technical information aligns with current best practices and security guidelines. The content effectively addresses the three main areas where CSRF protection is critical: Visualforce pages, Lightning components, and general practices.

I selected the ApexCSRF rule because this FAQ directly addresses CSRF vulnerabilities in Apex code, specifically discussing how to prevent DML operations during page initialization and ensuring state changes are triggered by user actions, which is exactly what the ApexCSRF rule is designed to detect and prevent. The FAQ's guidance on avoiding DML operations on page initialization directly relates to the ApexCSRF rule's purpose.

I selected the VfCsrf rule because the FAQ extensively covers CSRF protection in Visualforce pages, specifically mentioning the `confirmationTokenRequired` metadata field configuration. This directly corresponds to what the VfCsrf rule monitors: CSRF vulnerabilities in Visualforce components. The FAQ's first point about enabling `confirmationTokenRequired` is precisely the type of CSRF protection that the VfCsrf rule validates.