Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Salesforce Certified B2C Commerce Cloud Developer (Comm-Dev-101) Exam - Topic 12 Question 5 Discussion

To ensure SFRA best practices and protect against request forgery, the developer introduced CSRF tokengeneration in the customer address form:......To implement CSRF protection when the form is submitted, the developer needs to introduce the CSRFvalidation using one or both of these methods as applicable:* validateRequest* validateAjaxRequestWhere in the code does the developer need to add this CSRF validation check?
B) In the middleware chain of the controller post route
A) In the controller function that displays the form
C) In the controller function that handles the submitted form
D) In the model function that persists the form data

Salesforce Certified B2C Commerce Cloud Developer (Comm-Dev-101) Exam - Topic 12 Question 5 Discussion

Actual exam question for Salesforce's Salesforce Certified B2C Commerce Cloud Developer (Comm-Dev-101) exam
Question #: 5
Topic #: 12
[All Salesforce Certified B2C Commerce Cloud Developer (Comm-Dev-101) Questions]

To ensure SFRA best practices and protect against request forgery, the developer introduced CSRF token

generation in the customer address form:

value = ''${dw.web.CSRFProtection.generateToken()''>

...

...

To implement CSRF protection when the form is submitted, the developer needs to introduce the CSRF

validation using one or both of these methods as applicable:

* validateRequest

* validateAjaxRequest

Where in the code does the developer need to add this CSRF validation check?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Colette at May 10, 2022, 04:07 AM

Limited Time Offer

25%

Off

Get Premium Salesforce Certified B2C Commerce Cloud Developer (Comm-Dev-101) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Bok
7 months ago
Wait, is it really that simple?
upvoted 0 times
...
Francene
7 months ago
Seems obvious, but why not validate in the model too?
upvoted 0 times
...
Cristy
7 months ago
I thought CSRF validation should be in middleware?
upvoted 0 times
...
Gertude
8 months ago
Definitely in the controller handling the form submission.
upvoted 0 times
...
Cherilyn
8 months ago
CSRF tokens are essential for security!
upvoted 0 times
...
Stanford
8 months ago
I practiced a similar question, and I chose the controller function that displays the form, but now I’m second-guessing myself. It feels like it should be in the submission handler instead.
upvoted 0 times
...
Pete
8 months ago
I'm not entirely sure, but I remember something about middleware being a good place for validation checks. Maybe option B is correct?
upvoted 0 times
...
Carry
8 months ago
I think the CSRF validation should go in the controller function that handles the submitted form, right? That makes sense since it's where the data is processed.
upvoted 0 times
...
Franklyn
8 months ago
I feel like the validation should definitely happen in the controller function that handles the submitted form. It’s where we need to ensure the token is valid before processing any data.
upvoted 0 times
...
Omer
8 months ago
Hmm, I'm a bit unsure about this one. I know BGP has a lot of different attributes, but I'm not sure which one would be the best to modify to get the desired routing behavior.
upvoted 0 times
...
Kenny
8 months ago
This looks like a question on change management practices. I'll need to think through the key aspects of each option to determine which one best ensures that any changes are properly assessed and authorized.
upvoted 0 times
...
Celeste
8 months ago
Wait, I'm confused. If EPOs are similar to PPOs, then shouldn't out-of-network care be partially covered, like option A? This question is tripping me up a bit.
upvoted 0 times
...

Save Cancel