100 likes | 120 Views
Locker source is open-source Javascript files maintained by Salesforce. <br>When Single Page Applications (SPAs) are built using Lightning components, then Security can be enforced by LockerServices. <br>Locker makes use of Content Security Policy (CSP) of the bro<br>
E N D
info@cloudanalogy.com cloud.analogy +1(415)830-3899
What is LockerService ? LockerService brings multi-tenancy to the browsers.This is done by sandboxing of code and isolation of elements, thereby setting them apart from the rest of the system. Locker acts as a Virtual iframe that helps to bring all the security benefits - minus the drawbacks of UI for an iframe. LockerService for businesses are enabled for components with API version 39.0 and lower. Consequently, the Locker issues may simply stop the components or the Lightning page - with Locker services enforced by Salesforce. Here is an use case on enforcement of LockerService on Lightning component. info@cloudanalogy.com cloud.analogy +1(415)830-3899
What are the security benefits of Locker Services? • Locker source is open-source Javascript files maintained by Salesforce. • When Single Page Applications (SPAs) are built using Lightning components, then Security can be enforced by LockerServices. • Locker makes use of Content Security Policy (CSP) of the browser. Next, we speak about Locker Compliance and reworking of LCs. info@cloudanalogy.com cloud.analogy +1(415)830-3899
Locker Compliance and reworking of LCs. The Salesforce admin or the developer can enable the Locker services with critical updates and test the component/application - whether it is functional. Next we move to CSP Policy, that is implemented in the modern applications. info@cloudanalogy.com cloud.analogy +1(415)830-3899
How to implement CSP in the modern applications ? How to implement CSP in the modern applications ? CSP is supported by all the modern browsers - Firefox, Chrome, Safari and others. CSP can be enforced by an HTTP header, rule pattern and a name. A ruleset defined browser can be used for prevention webpage downloading of malicious content from unknown sources. CSP is supported by all the modern browsers - Firefox, Chrome, Safari and others. CSP can be enforced by an HTTP header, rule pattern and a name. A ruleset defined browser can be used for prevention webpage downloading of malicious content from unknown sources. The LC code can be broken under Locker, let us now find the causes for that. The LC code can be broken under Locker, let us now find the causes for that. info@cloudanalogy.com cloud.analogy +1(415)830-3899
What are the Causes for broken LC Code in Locker ? The causes for broken LC code are as follows: • ESS Strict Mode Compliance of Javascript • Third-party libraries not locker-compliant • Loading Images or JS libraries from CDN or an external website. info@cloudanalogy.com cloud.analogy +1(415)830-3899
ESS Strict Mode Compliance Of Javascript You need to check with Javascript strict mode rules from: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Strict_mode info@cloudanalogy.com cloud.analogy +1(415)830-3899
Third-party libraries not locker-compliant One must ensure that any third-party libraries must be checked for working in Locker Service. info@cloudanalogy.com cloud.analogy +1(415)830-3899
Loading Images or JS libraries from CDN or an external website The assets and images must be ensured to be loaded by loading from Salesforce Strict Resources only. info@cloudanalogy.com cloud.analogy +1(415)830-3899
THANK YOU info@cloudanalogy.com cloud.analogy +1(415)830-3899