2. cloud.analogy info@cloudanalogy.com +1(415)830-3899
What is LockerService?
LockerService brings multi-tenancy to the browser. It does this by sandboxing code and isolating elements, setting them apart from the rest of the system. Locker acts as a virtual iframe that brings all the security benefits of an iframe without its UI drawbacks.
LockerService for businesses is enabled for components with API version 39.0 and lower.
Consequently, with LockerService enforced by Salesforce, Locker issues may simply stop the components or the Lightning page from working. Here is a use case on the enforcement of LockerService on a Lightning component.
What are the security benefits of LockerService?
● The Locker source is a set of open-source JavaScript files maintained by Salesforce.
● When Single Page Applications (SPAs) are built using Lightning components, security can be enforced by LockerService.
● Locker makes use of the browser's Content Security Policy (CSP).
Next, we look at Locker compliance and the reworking of Lightning components (LCs).
Locker Compliance and reworking of LCs
The Salesforce admin or the developer can enable LockerService through critical updates and test whether the component or application is still functional.
Next, we move to the Content Security Policy (CSP), which is implemented in modern applications.
How to implement CSP in modern applications?
CSP is supported by all the modern browsers: Firefox, Chrome, Safari and others. CSP can be enforced through an HTTP header, which consists of a name and a rule pattern. The ruleset tells the browser what it may load, which prevents the webpage from downloading malicious content from unknown sources.
LC code can break under Locker. Let us now look at the causes.
What are the causes for broken LC code in Locker?
The causes for broken LC code are as follows:
● ES5 strict mode compliance of JavaScript
● Third-party libraries that are not Locker-compliant
● Loading images or JS libraries from a CDN or an external website
ES5 Strict Mode Compliance of JavaScript
You need to check your code against the JavaScript strict mode rules at:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Strict_mode
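The strict-mode cause above, as an added example that is not from the original slides: the script runs constructed snippets with and without the "use strict" directive and lists the ones whose behaviour changes. The snippet names and helper functions are hypothetical, and it is meant to run as a stand-alone script (for example under Node.js), not inside a component.

```javascript
// Constructed snippets (not from any real component): habits that sloppy-mode
// JavaScript tolerates, plus one compliant rewrite for comparison.
const SAMPLES = {
  implicitGlobal: "total = 1; var v = total; delete globalThis.total; return v;",
  plainCallThis: "function f() { return typeof this; } return f();",
  duplicateParams: "function f(a, a) { return a; } return f(1, 2);",
  withStatement: "var o = { x: 1 }; with (o) { return x; }",
  frozenWrite: "var o = Object.freeze({ x: 1 }); o.x = 2; return o.x;",
  compliant: "var total = 1; return total;",
};

// Compile and run a snippet as a function body, optionally with the
// "use strict" directive. The Function constructor is used only so that
// syntax errors can be caught here; run this as a stand-alone script.
function run(body, strict) {
  try {
    const fn = new Function((strict ? '"use strict";\n' : "") + body);
    return { ok: true, value: fn() };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Run every snippet both ways and keep the two outcomes side by side.
function strictModeReport(samples) {
  const report = {};
  for (const [name, body] of Object.entries(samples)) {
    report[name] = { sloppy: run(body, false), strict: run(body, true) };
  }
  return report;
}

// Names of snippets whose behaviour changes once strict mode is enforced.
function brokenUnderStrict(report) {
  return Object.keys(report).filter(
    (name) => JSON.stringify(report[name].sloppy) !== JSON.stringify(report[name].strict)
  );
}

const report = strictModeReport(SAMPLES);
for (const name of brokenUnderStrict(report)) {
  console.log(name, report[name].sloppy, "->", report[name].strict);
}
```

Two of the snippets fail at compile time (SyntaxError) and two at run time, while the plain-call `this` case does not throw at all and only returns a different value, which is the kind of change that testing after enabling Locker needs to catch.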