Class CSRFProtection | Infocenter

Salesforce B2C Commerce 24.7 > B2C Commerce API > B2C Commerce Script > dw.web

dw.web

Class CSRFProtection

dw.web.CSRFProtection

Used to generate and validate CSRF tokens. CSRFProtection allows applications to protect themselves against CSRF attacks, using synchronizer tokens, a best practice. Once created, these tokens are tied to a user’s session and valid for 60 minutes.

Usage:
Adding CSRF token to forms:

 //CSRF token generation
 <form ... action="">
   <input name="foo" value="bar">
   <input name="${dw.web.CSRFProtection.getTokenName()}"
             value="${dw.web.CSRFProtection.generateToken()">
 </form>

Then, in scripts call:

 dw.web.CSRFProtection.validateRequest();

tokenName : String (Read Only)

The system generated CSRF token name. Currently, this name is not user configurable. Must be used for validateRequest() to work

This class does not have a constructor, so you cannot create it directly.

static generateToken() : String

Constructs a new unique CSRF token for this session.

static getTokenName() : String

Returns the system generated CSRF token name.

static validateRequest() : boolean

Verifies that a client request contains a valid CSRF token, and that the token has not expired.

Methods inherited from class Object

assign, create, create, defineProperties, defineProperty, entries, freeze, fromEntries, getOwnPropertyDescriptor, getOwnPropertyNames, getOwnPropertySymbols, getPrototypeOf, hasOwnProperty, is, isExtensible, isFrozen, isPrototypeOf, isSealed, keys, preventExtensions, propertyIsEnumerable, seal, setPrototypeOf, toLocaleString, toString, valueOf, values

Salesforce B2C Commerce Developer - Certification Tests

Why risk failing the SFCC exam? Get 180 real questions, killer content, and everything you need to crush the Salesforce B2C Commerce Developer certification.

Becoming a Salesforce B2C Commerce Developer is your ticket to higher salaries, better job opportunities, and the credibility to stand out from the competition. But let's be honest—passing the certification exam isn't easy. That's where we come in.

Salesforce Javascript Developer I - Certification Tests

Not just another prep course—this is your shortcut to passing. Master JavaScript for Salesforce and go from 'hoping to pass' to knowing you will. Ready to start?

This isn't just another prep course—it's your shortcut to mastering the skills and confidence you need to pass. With multiple practice tests covering every section and a final exam simulation designed to mirror the real thing, you'll feel like you've already aced it before test day.

Salesforce B2C Commerce Architect - Certification Tests

Think the Developer exam was hard? Welcome to the next level.

The Salesforce B2C Commerce Architect certification is a whole different game—complex solutions, elevated difficulty, and skills that set you apart in the eCommerce industry. That's why we're including 11 downloadable PDF guides, packed with best practices and strategies to help you prepare for the exam and build confidence in every topic.

generateToken

static generateToken() : String

Constructs a new unique CSRF token for this session.

Returns:

a new CSRF token

getTokenName

static getTokenName() : String

Returns the system generated CSRF token name. Currently, this name is not user configurable. Must be used for validateRequest() to work

Returns:

System-generated CSRF token parameter name

validateRequest

static validateRequest() : boolean

Verifies that a client request contains a valid CSRF token, and that the token has not expired. Returns true if these conditions are met, and false otherwise

Returns:

true if request contains a valid CSRF token, false otherwise