Forum Discussion

Leader

11 years ago

CSRF Protection in Custom Components

We are using custom search on our forums where we are pulling in results from another server. This makes it vulnerable to CSRF attack. how can we go about implementing the CSRF protection in the lith...

Gursimrat

Leader

1. Yes, we have control over the data, it is hosted on the SOLR server.
2. Format could be xml, json
3. Displaying it via JavaScript, in the search results.

Basically, We need to add it on the custom search page.

nathan

Executive

11 years ago

Based on what you've said, I can't see you needing to do anything special to avoid XSS. There's nothing inherently insecure about making cross-site requests, and you control both the content and the mechanism for displaying it on the page.

I'd recommend getting someone knowledgeable to review the code if you have any concerns about it.

Forum Discussion

CSRF Protection in Custom Components

Related Content

Custom Component - Latest post by Role

Aurora: Understanding the Salesforce connector components and their entities

Custom Component Tiled navigation

Custom Components

Customize message-list component

Recent Discussions

How to fetch all labels associated with TkbArticlePage and count how many times each label is used

In Aurora, add additional <script> and <meta> tags

Setup content filter for arabic language

24.10 API change breaks navigation

How to create/subscribe the Webhook in Aurora