Every storefront contains a number of protected requests. Authenticated users who are changing something about their accounts, or submitting personal data to a server to complete an action typically do these requests.
Users have an expectation that only they will ever be making those requests and only when they specifically initiate the request.
Cross-Site Request Forgery breaks that expectation by tricking a user’s browser into making this protected request without their knowledge, but with their authorization. The Commerce Cloud exposes a Cross-Site Request Forgery (CSRF) Protection Framework so that storefront developers may protect any kind of request against this attack.
Protecting Requests from Cross-Site Request Forgery is a best practice as it protects Storefront users from being tricked into purchasing extra items, or sending items to a different address. It protects against a loss of consumer confidence in the site.
CAUTION: The CSRF Protection Framework utilizes information in a user's session. This means that the framework can only successfully validate tokens generated from the same session. The Framework should not be set on login forms as the session changes during that request. It is also illogical to protect the login form as an attacker would be unable to CSRF that form without knowledge of the victim user's username and password.
This CSRF protection can always be defeated by XSS. This is because an XSS attack could simply steal the token and use it in a CSRF attack. If there is no XSS on a site, the CSRF defense is complete.
The following example is a standard form, sending edited shipping data to the storefront. An attacker is easily able to attack this via CSRF.
The following example is a standard form, sending edited shipping data to the storefront but sending as well a generated CSRF Token that only Salesforce Commerce Cloud’s servers can validate.