How to Enable Locker Service for Managed Packages

My understanding of LockerService is that it provides an additional security measure, to compensate for a weakness in the lightning components system. According to this blog post by Salesforce, LockerService prevents:

  • Components from causing XSS and similar security issues. XSS means cross-site scripting and is a security vulnerability often found in web applications.
  • Components from reading other components’ data without any restrictions.
  • Components from calling undocumented/private APIs.

It also enables:

  • Cool new features like client-side API versioning similar to REST API versioning. REST stands for REpresentational State Transfer, and is a way of providing interoperability between computer systems on the internet (Wikipedia).
  • Faster security review.
  • Better and more secure JS development practices.
  • Running 3rd party JS frameworks like React, Angular etc.
  • Easily adding or removing new security features and policies.

Most managed packages ought to be adapted to LockerService. It’s fairly easy to enable LockerService for managed packages. Just go Setup > Lightning Components. Then check Enable Locker Service for Managed Packages. Click Save.

Screen Shot 2017-05-24 at 1.47.53 pm.png

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s