Salesforce-B2C-Commerce-Cloud-Developer Practice Test
Salesforce Spring 25 Release 202 Questions
In Log Center, a developer notes a number of Cross Site Request Forgery (CSRF) log entries.
After adding the token in the ISML template, which action might solve this problem?
A. Add csrfProtection middleware steps in the controller
B. Extend the CSRF token validity to avoid timeouts.
C. Delete the existing CSRF allow list in Business Manager.
A. Add csrfProtection middleware steps in the controller
Explanation:
Key Issue:
CSRF log entries indicate missing or invalid CSRF tokens in form submissions.
Adding the token in the ISML template is only half the solution—the backend must also validate it.
Why Option A?
✅ Middleware Validates CSRF Tokens
The csrfProtection middleware validates tokens sent from forms.
Add it to controller routes that handle POST/PUT/DELETE requests:
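var server = require('server');
var csrfProtection = require('*/cartridge/scripts/middleware/csrf');
server.post('SubmitForm', csrfProtection.validateRequest, function (req, res, next) {
    // Process form data; this step runs only after the token has been validated
    next();
});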
Fixes the Issue: Ensures tokens are checked server-side.
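Why the template change alone is not enough, as an added sketch that is not part of the original page and is not SFRA code: a small stand-in middleware chain in plain Node.js in which the same handler is registered once without and once with a validation step. The names dispatch, sessions, csrfLog and the csrf_token field are hypothetical, and generateToken and validateRequest here are local stand-ins, not the platform's implementation.

```javascript
// Added illustration: a stand-in for a controller middleware chain, not SFRA code.
const nodeCrypto = require('crypto');

const sessions = new Map(); // sessionId -> token issued when the form was rendered
const csrfLog = [];         // constructed stand-in for logged CSRF rejections

// Render step: issue a token bound to the session (the value the template embeds).
function generateToken(sessionId) {
    const token = nodeCrypto.randomBytes(32).toString('hex');
    sessions.set(sessionId, token);
    return token;
}

// Validation step: compare the submitted token with the one held for the session.
function validateRequest(req, res, next) {
    const expected = Buffer.from(sessions.get(req.sessionId) || '');
    const got = Buffer.from(String(req.form.csrf_token || ''));
    const ok = expected.length > 0 && expected.length === got.length &&
        nodeCrypto.timingSafeEqual(expected, got);
    if (!ok) {
        csrfLog.push('CSRF validation failed: ' + req.route);
        res.status = 403;
        return; // stop the chain, so the handler never runs
    }
    next();
}

// Run the steps in order; each step must call next() to continue.
function dispatch(steps, req) {
    const res = { status: 200, handled: false };
    let i = 0;
    const next = () => { if (i < steps.length) steps[i++](req, res, next); };
    next();
    return res;
}

const handler = (req, res, next) => { res.handled = true; next(); };
const unprotected = [handler];                     // token is in the form, never checked
const protectedRoute = [validateRequest, handler]; // token checked before the handler
```

On the unprotected chain a submission with no token at all is still processed; on the protected chain only the submission carrying the session's token reaches the handler.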
Why Not Other Options?
❌ B. Extend Token Validity
CSRF tokens expire for security reasons. Extending validity increases risk.
❌ C. Delete CSRF Allow List
The allow list safely exempts trusted endpoints (e.g., APIs). Deleting it forces validation on all routes, which may break valid use cases.