FAQ-000223 - CSRF and DML Security Issues / Managed Package CSRF Considerations


Current FAQ

Question
What are the recommended approaches to prevent CSRF vulnerabilities in managed packages?
Answer
To prevent CSRF vulnerabilities in managed packages, here are the recommended approaches:

1. **Enable `confirmationTokenRequired` in Visualforce Pages**: Set the `confirmationTokenRequired` boolean metadata field to `true` in the Visualforce page settings. This ensures that GET requests to the page require a CSRF token in the URL, preventing unauthorized access.
2. **Avoid Automated DML Operations on Page Load**: Do not perform state changes or DML operations in Apex controllers during the initialization of Lightning or LWC components. Instead, trigger these operations through user actions, such as button clicks.
3. **Use Custom Headers with Random Tokens**: Implement a completely random token in custom headers for requests. This adds an additional layer of security against CSRF attacks.
4. **Follow Secure Coding Practices**: Adhere to secure server-side development guidelines, such as those provided in the Secure Server-Side Development module on Trailhead, to ensure robust protection against CSRF vulnerabilities.
5. **Review and Test Thoroughly**: Regularly review and test the managed package for CSRF vulnerabilities, ensuring that all identified issues are addressed before submission for security review.

For more details, you can refer to the [Salesforce documentation](/).

AI Recommended Enhancement

Related Security Rules: ApexCSRF, VfCsrf
Question
What are the recommended approaches to prevent CSRF vulnerabilities in managed packages?
Recommended Answer Update
To prevent CSRF vulnerabilities in managed packages, here are the recommended approaches:

1. **Enable `confirmationTokenRequired` in Visualforce Pages**: Set the `confirmationTokenRequired` boolean metadata field to `true` in the Visualforce page settings. This ensures that GET requests to the page require a CSRF token in the URL, preventing unauthorized access.
2. **Avoid Automated DML Operations on Page Load**: Don't perform state changes or DML operations in Apex controllers during the initialization of Lightning or LWC components. Instead, trigger these operations through user actions, such as button clicks.
3. **Use Custom Headers with Random Tokens**: Implement a completely random token in custom headers for requests. This adds an additional layer of security against CSRF attacks.
4. **Follow Secure Coding Practices**: Adhere to secure server-side development guidelines, such as those provided in the Secure Server-Side Development module on Trailhead, to ensure robust protection against CSRF vulnerabilities.
5. **Review and Test Thoroughly**: Regularly review and test the managed package for CSRF vulnerabilities, ensuring that all identified issues are addressed before submission for security review.

For more details, you can refer to the [Salesforce documentation](/).
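The following is an added example illustrating point 2 of both the current answer and the recommended update above (avoid DML during controller initialization). It is not code from the FAQ or from Salesforce; the `Invoice__c` object, its `Status__c` field, and the class names are assumptions chosen for illustration. The first class shows the pattern the ApexCSRF rule flags (DML in a constructor, so merely loading the page changes data); the second moves the state change into an action method that only runs on a user-initiated form POST.

```apex
// ---------------------------------------------------------------
// Pattern to avoid (assumed example): DML runs as a side effect of
// constructing the controller, i.e. on any GET that loads the page.
// Static analysis rules such as ApexCSRF flag DML in a constructor.
// ---------------------------------------------------------------
public with sharing class InvoiceApprovalControllerUnsafe {
    public InvoiceApprovalControllerUnsafe() {
        String idParam = ApexPages.currentPage().getParameters().get('id');
        Invoice__c inv = [SELECT Id, Status__c FROM Invoice__c WHERE Id = :idParam LIMIT 1];
        inv.Status__c = 'Approved';
        update inv;   // state change on page load: no user action, no token check
    }
}

// ---------------------------------------------------------------
// Hardened form (assumed example): the constructor only reads, and
// the state change lives in an action method bound to a button.
// ---------------------------------------------------------------
public with sharing class InvoiceApprovalController {
    public Invoice__c invoice { get; private set; }

    // Read-only initialization: loading the page changes nothing.
    public InvoiceApprovalController() {
        String idParam = ApexPages.currentPage().getParameters().get('id');
        if (String.isNotBlank(idParam)) {
            List<Invoice__c> rows = [
                SELECT Id, Name, Status__c
                FROM Invoice__c
                WHERE Id = :idParam
                WITH SECURITY_ENFORCED
                LIMIT 1
            ];
            invoice = rows.isEmpty() ? null : rows[0];
        }
    }

    // Action method. Bind it to a commandButton inside <apex:form>; the
    // Visualforce form POST carries the platform's anti-CSRF token, so
    // this DML only runs on a deliberate, token-protected user action.
    public PageReference approve() {
        if (invoice == null) {
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR, 'No invoice selected.'));
            return null;
        }
        // Field-level security check before the update (CRUD/FLS enforcement).
        if (!Schema.sObjectType.Invoice__c.fields.Status__c.isUpdateable()) {
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR, 'Insufficient access to update this invoice.'));
            return null;
        }
        invoice.Status__c = 'Approved';
        update invoice;
        return null;   // stay on the page and show the refreshed record
    }
}
```

On the page side, the hardened controller is wired with `<apex:form>` containing `<apex:commandButton action="{!approve}" value="Approve"/>`; the GET that renders the page never touches the database. If the page must still accept GET links that trigger a server-side action, that is the case where point 1 applies: set `confirmationTokenRequired` to `true` in the page's metadata so the platform demands a CSRF token on the URL.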
Reasoning
The FAQ content is accurate and comprehensive, with only minor language refinements needed to improve clarity and readability. I changed 'Do not perform' to 'Don't perform' to align with the conversational tone guidelines, making the text more approachable and natural while maintaining the technical accuracy.

For security rules selection:

**ApexCSRF**: This rule directly relates to the FAQ's core topic of preventing CSRF vulnerabilities. The FAQ specifically discusses 'CSRF vulnerabilities in managed packages' and provides approaches like 'Use Custom Headers with Random Tokens' and avoiding 'automated DML operations on page load' - all of which are exactly what the ApexCSRF rule is designed to detect and prevent.

**VfCsrf**: This rule is highly relevant because the FAQ explicitly mentions Visualforce page security with the recommendation to 'Enable confirmationTokenRequired in Visualforce Pages' and discusses setting 'confirmationTokenRequired boolean metadata field to true'. The VfCsrf rule specifically focuses on CSRF vulnerabilities in Visualforce pages, making it directly applicable to this FAQ content.