Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Salesforce CCM-101 Exam - Topic 6 Question 64 Discussion

To ensure SFRA best practices and protect against request forgery, the developer introduced CSRF tokengeneration in the customer address form:......To implement CSRF protection when the form is submitted, the developer needs to introduce the CSRFvalidation using one or both of these methods as applicable:validateRequestvalidateAjaxRequestWhere in the code does the developer need to add this CSRF validation check?
B) In the middleware chain of the controller post route
A) In the controller function that displays the form
C) In the controller function that handles the submitted form
D) In the model function that persists the form data

Salesforce CCM-101 Exam - Topic 6 Question 64 Discussion

Actual exam question for Salesforce's CCM-101 exam
Question #: 64
Topic #: 6
[All CCM-101 Questions]

To ensure SFRA best practices and protect against request forgery, the developer introduced CSRF token

generation in the customer address form:

value = ''${dw.web.CSRFProtection.generateToken()''>

...

...

To implement CSRF protection when the form is submitted, the developer needs to introduce the CSRF

validation using one or both of these methods as applicable:

validateRequest

validateAjaxRequest

Where in the code does the developer need to add this CSRF validation check?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Lucina at Apr 29, 2025, 01:58 PM

Limited Time Offer

25%

Off

Get Premium CCM-101 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Jettie
5 months ago
Agreed, validation needs to happen right after form submission!
upvoted 0 times
...
Lili
6 months ago
Definitely in the controller that handles the form submission.
upvoted 0 times
...
Samuel
6 months ago
Wait, can you really validate in the model? Seems off.
upvoted 0 times
...
Mica
6 months ago
I think it should be in the middleware chain instead.
upvoted 0 times
...
Sharen
6 months ago
CSRF tokens are essential for form security!
upvoted 0 times
...
Billye
7 months ago
I vaguely recall that the validation should happen before any data is processed, so maybe it should be in the controller function that handles the submitted form?
upvoted 0 times
...
Malinda
7 months ago
I feel like we practiced a similar question, and I might have chosen the middleware option then. But now I'm confused if that’s the right place for CSRF validation.
upvoted 0 times
...
Belen
7 months ago
I think it makes sense to add the CSRF validation in the controller function that handles the submitted form, right? That way, it checks the token right before processing the data.
upvoted 0 times
...
Cherelle
7 months ago
I remember we discussed CSRF tokens in our last class, but I'm not sure if the validation should go in the controller or middleware.
upvoted 0 times
...
Tasia
8 months ago
Okay, let me think this through. The CSRF token is generated in the form, so the validation needs to happen before the form data is actually processed. That means the validation check should be in the controller function that handles the submitted form, not in the middleware or the model.
upvoted 0 times
...
Cyril
8 months ago
I think the key here is that the CSRF protection needs to be implemented at the point where the form data is being processed, which would be the controller function that handles the submitted form. The middleware chain of the controller post route seems like a good place to add the validation check.
upvoted 0 times
...
Youlanda
8 months ago
Hmm, I'm a bit confused. The question mentions both validateRequest and validateAjaxRequest, so I'm not sure if the validation needs to be done in different places depending on whether it's a regular form submission or an AJAX request.
upvoted 0 times
...
Mose
8 months ago
This seems straightforward. The CSRF token is generated in the form, so the validation check needs to be done when the form is submitted, which would be in the controller function that handles the submitted form.
upvoted 0 times
...

Save Cancel