1 / 10

Locker Services and Lightning Components

Locker source is open-source Javascript files maintained by Salesforce. <br>When Single Page Applications (SPAs) are built using Lightning components, then Security can be enforced by LockerServices. <br>Locker makes use of Content Security Policy (CSP) of the bro<br>

vivekshukla
Download Presentation

Locker Services and Lightning Components

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. info@cloudanalogy.com cloud.analogy +1(415)830-3899

  2. What is LockerService ? LockerService brings multi-tenancy to the browsers.This is done by sandboxing of code and isolation of elements, thereby setting them apart from the rest of the system. Locker acts as a Virtual iframe that helps to bring all the security benefits - minus the drawbacks of UI for an iframe. LockerService for businesses are enabled for components with API version 39.0 and lower. Consequently, the Locker issues may simply stop the components or the Lightning page - with Locker services enforced by Salesforce. Here is an use case on enforcement of LockerService on Lightning component. info@cloudanalogy.com cloud.analogy +1(415)830-3899

  3. What are the security benefits of Locker Services? • Locker source is open-source Javascript files maintained by Salesforce. • When Single Page Applications (SPAs) are built using Lightning components, then Security can be enforced by LockerServices. • Locker makes use of Content Security Policy (CSP) of the browser. Next, we speak about Locker Compliance and reworking of LCs. info@cloudanalogy.com cloud.analogy +1(415)830-3899

  4. Locker Compliance and reworking of LCs. The Salesforce admin or the developer can enable the Locker services with critical updates and test the component/application - whether it is functional. Next we move to CSP Policy, that is implemented in the modern applications. info@cloudanalogy.com cloud.analogy +1(415)830-3899

  5. How to implement CSP in the modern applications ? How to implement CSP in the modern applications ? CSP is supported by all the modern browsers - Firefox, Chrome, Safari and others. CSP can be enforced by an HTTP header, rule pattern and a name. A ruleset defined browser can be used for prevention webpage downloading of malicious content from unknown sources. CSP is supported by all the modern browsers - Firefox, Chrome, Safari and others. CSP can be enforced by an HTTP header, rule pattern and a name. A ruleset defined browser can be used for prevention webpage downloading of malicious content from unknown sources. The LC code can be broken under Locker, let us now find the causes for that. The LC code can be broken under Locker, let us now find the causes for that. info@cloudanalogy.com cloud.analogy +1(415)830-3899

  6. What are the Causes for broken LC Code in Locker ? The causes for broken LC code are as follows: • ESS Strict Mode Compliance of Javascript • Third-party libraries not locker-compliant • Loading Images or JS libraries from CDN or an external website. info@cloudanalogy.com cloud.analogy +1(415)830-3899

  7. ESS Strict Mode Compliance Of Javascript You need to check with Javascript strict mode rules from: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Strict_mode info@cloudanalogy.com cloud.analogy +1(415)830-3899

  8. Third-party libraries not locker-compliant One must ensure that any third-party libraries must be checked for working in Locker Service. info@cloudanalogy.com cloud.analogy +1(415)830-3899

  9. Loading Images or JS libraries from CDN or an external website The assets and images must be ensured to be loaded by loading from Salesforce Strict Resources only. info@cloudanalogy.com cloud.analogy +1(415)830-3899

  10. THANK YOU info@cloudanalogy.com cloud.analogy +1(415)830-3899

More Related