Forum Discussion

Leader

11 years ago

CSRF Protection in Custom Components

We are using custom search on our forums where we are pulling in results from another server. This makes it vulnerable to CSRF attack. how can we go about implementing the CSRF protection in the lith...

nathan

Executive

Based on what you've said, I can't see you needing to do anything special to avoid XSS. There's nothing inherently insecure about making cross-site requests, and you control both the content and the mechanism for displaying it on the page.

I'd recommend getting someone knowledgeable to review the code if you have any concerns about it.

PaoloT

Lithium Alumni (Retired)

11 years ago

Theoretically even when controlling the source of the data and the logic to display it, one could still think about man in the middle attacks on the data in transit, especially if unencrypted.

Of course it all depends on what the security requirements are, if you have hard security requirements then as nathan suggested a code review or even a pentest may be the best way to proceed.

Forum Discussion

CSRF Protection in Custom Components

Related Content

Custom Component - Latest post by Role

Aurora: Understanding the Salesforce connector components and their entities

Custom Component Tiled navigation

Custom Components

Customize message-list component

Recent Discussions

How to fetch all labels associated with TkbArticlePage and count how many times each label is used

In Aurora, add additional <script> and <meta> tags

Setup content filter for arabic language

24.10 API change breaks navigation

How to create/subscribe the Webhook in Aurora