Salesforce Real time Scenarios

Saturday, August 4, 2018

Lightningout in W3 schools (Share Lightning Out Apps with Non-Authenticated Users)

Share Lightning Out Apps with Non-Authenticated Users

Paste the below code in the w3 schools which enables you to see the lightning component screen in the external site(w3school). As of my research this is the simple and best POC to show how the Lightning out works in the external sites.
====================================================================
<!DOCTYPE html>
<html>
<head>
<body>
<div id="lightning" />

<script src="https://oliva-developer-edition.ap5.force.com/dave/lightning/lightning.out.js"></script>

<script type="text/javascript">

window.onload= function(){

$Lightning.use("c:CalciApp", function() {
$Lightning.createComponent("c:Calci",
{},
"lightning",
function(cmp) {
// do some stuff
});
}, "https://oliva-developer-edition.ap5.force.com/dave");

}

</script>
==================================================================

Add the ltng:allowGuestAccess interface to your Lightning Out dependency app to make it available to users without requiring them to authenticate with Salesforce. This interface lets you build your app with Lightning components, and deploy it anywhere and to anyone.

A Lightning Out dependency app with the ltng:allowGuestAccess interface can be used with Lightning Components for Visualforce and with Lightning Out.

The ltng:allowGuestAccess interface is only usable in orgs that have Communities enabled, and your Lightning Out app is associated with all community endpoints that you’ve defined in your org.

Note: When you make a Lightning app accessible to guest users by adding the ltng:allowGuestAccess interface, it’s available through every community in your org, whether that community is enabled for public access or not. You can’t prevent it from being accessible via community URLs, and you can’t make it available for some communities but not others.

IMP: this lightningout only works when you keep your community domain in the code. It wont work with your regular org domain.

For more details, please follow the below source.

Lightningout documentation

None of SSO users were able to login.

If SSO is down and you dont have option to login into the Salesforce org completely, don't worry there is a way system administrator can login into the org by hitting below URL

<MyDomain URL>?login=1

Replace My domain url with your companies domain name and try to login, you should be able to login.

Tuesday, May 1, 2018

SALESFORCE CERTIFIED PLATFORM DEVELOPER – SPRING ’18 RELEASE EXAM QUESTIONS

1 of 5. What is the replacement that Salesforce recommends for Force.com IDE 2 Beta?

A. MavensMate for Sublime Text
B. Workbench
*C. Salesforce Extensions for VS Code
D. Developer Console

2 of 5. Which Salesforce command line interface (CLI) command supports the generation of new Apex triggers?

A. force:data:sobject:createtrigger
*B. force:apex:trigger:create
C. force:schema:sobject: -t I createtrigger
D. force:trigger:new

3 of 5. Which debug type captures information related to accessing external objects with the Salesforce Connect cross-org and OData adapters?

A. XDS_REQUEST
*B. XDS_RESPONSE
C. XDS_OBJECT
D. XDS_CONNECT

4 of 5. Which global variable can be used to detect whether a Visualforce page is loaded in Lightning apps with console navigation or standard navigation?

A. $U1.UserTheme
B. $Browser.formFactor
C. $Organization.UlTheme
*D. $User.U1Theme

5 of 5. What can be used to control the styling and behavior of the Salesforce login process?

A. Lightning component login flow
*B. Visualforce Page login flow
C. Process Builder on login event
D. Quick Action on login event

Salesforce Certified Platform App Builder - Spring '18 Release Exam

1 of 5. What is a new feature in Lightning Experience added to Reports and Dashboards in this release?

A. Matrix Reports
B. Joined Reports
C. Row limit filters on Dashboards
D. Subscribe to Reports
*E. Subscribe to Dashboard

2 of 5. How can an App Builder add a Flow to the Action menu on a Lighting record page?

A. Using a Global Action
B. Using an Auto-launched Flow
*C. Using an Object-specific Action
D. Using a Lightning component

3 of 5. Which new standard feature should an App Builder use to collect Sales team feedback about a new Lightning page layout?

A. Survey Quick Action
B. Survey Email Alert
C. Survey Visualforce page
*D. Survey Lightning component

4 of 5. Which data protection functionality does the Individual object provide?

A. Personal Information packaging
B. Personal Information deletion
*C. Data Privacy Preferences
D. Data Privacy Protection

5 of 5. Which object now triggers a Process Builder and Workflow Rule?

A. Orders
*B. Topics
C. Assets
D. Campaigns

Sunday, April 29, 2018

Lightning Known issues

https://success.salesforce.com/issues_index

Saturday, April 28, 2018

Get Cookies Data in VF page

<apex:page >

<script type="text/javascript">

function validate()
{
alert(document.cookie);
}

</script>


<apex:form id="frm">
<apex:pageBlock id="pb">

<apex:commandButton value="Insert" onclick="validate();"/>

</apex:pageBlock>
</apex:form>

</apex:page>

Thursday, April 5, 2018

The LockerService For Lightning Components

This is an introductory post about a new security feature for Lightning Components called "LockerService (LS)". LockerService uses various technologies and techniques to make Lightning Components secure. It will be available as a critical update as part of Summer '16 and will be enforced in Winter '17

DOM Manipulation Libraries
JavaScript has come a long way in recent years. Many DOM manipulation utilities we couldn’t live without in libraries like jQuery are now standard in the language. Modern frameworks like the Lightning Component Framework also provide abstractions that make jQuery less relevant. For example, let’s say you have to set the value of a score input field to 100.

Using jQuery, you would:

Assign a unique id to the input element
Use a jQuery selector to find the input element in the DOM
Assign the value to that DOM element

====================
// Markup:

<input id="score" />

// Code:

var scoreElement = $("#score");

scoreElement.val(100);
======================

Using the Lightning Component Framework, you would:

Declare a score attribute
Bind the input field to the score attribute
Set the value of the score attribute: the bound input field will automatically display the new value.
view sourceprint?

===================
// Markup:

<aura: attribute name="score" type="integer" />

<input value="{!v.score}" />

// Code:
component.set("v.score", 100);
====================

At a high level, LockerService uses various technologies and techniques that are intended to do the following:

Prevent:

Components from causing XSS and similar security issues
Components from reading other component’s rendered data without any restrictions
Components from calling undocumented/private APIs

Enable:

Cool new features like client-side API versioning similar to REST API versioning*
Faster security review
Better and more secure JS development practices
Running 3rd party JS frameworks like React, Angular and so on*
Easily adding or removing new security features and policies

*Some of the features will have limitations and will come during or after Winter 2017 #safeHarbor

Availability

In Winter ’17, LockerService can be activated or deactivated in your org. Note: To ensure compatibility with LockerService before the Summer ’17 release, test your Lightning components in a sandbox or a Developer Edition org.

In Spring ’17, the existing LockerService critical update will tighten Content Security Policy (CSP) to eliminate the possibility of cross-site scripting attacks. These CSP changes will only be enforced in sandbox and Developer Edition orgs. If you have a sandbox or Developer Edition org with the LockerService critical update activated, the stricter CSP will apply when Spring ’17 rolls out. If you deactivate the LockerService critical update before the Spring ’17 release, the stricter CSP won’t be applied.

In Summer ’17, LockerService will be auto-activated for all orgs with no option to disable.

Components Installed from Managed Packages

To control whether LockerService is enforced for components installed from a managed package:

From Setup, enter Lightning Components in the Quick Find box, and then select Lightning Components.
Select the Enable LockerService for Managed Packages checkbox to enforce LockerService for components
installed from a managed package.
Note: The checkbox is only visible when the critical update is activated.

If you deselect the Enable LockerService for Managed Packages checkbox, LockerService is not enforced for
components installed from a managed package. Components that you create in your org still run with enforcement of LockerService restrictions.

Under The Hood

To understand the technology under the hood, let’s take an example app. The below example Lightning app has four components: a button, a Weather component (that internally has a Map sub-component) and a Financecomponent.

Before LockerService

Before LockerService, the DOM tree and JS access for the example lightning app would look like the following image.

In this scenario:

Any JS of any component can call any JS functions of any other component as they are all loaded in the DOM
Any JS can also call any undocumented/private Lightning APIs
Any JS can access real DOM and get rendered data from other components.
Components that are not security reviewed can potentially have security issues.

After LockerService

The same lightning app with all the techniques and technologies used in LockerService will look something like the following image.

With the LockerService turned ON

Salesforce-authored components and JS run in “System mode” (similar to the Operating System’s system mode) and have full access to everything.
Custom components run in “User mode” and don’t have access to the real Document or real “window” object.
Custom components instead gets a custom DOM (“secureDOM”), custom Window and so on.
Custom components can access other components’ DOM as long as they are in the same namespace but won’t be able to access other components’ DOM that are in different namespace. For example, JS in the “Weather” component can access DOM of “Map” component, but won’t be able to access DOM elements of the “Finance” or “button” component.
In addition, custom components will only be able to access public and documented Lightning JS APIs and won’t be able to access Lightning framework’s “private” APIs.
“Use strict” and CSP are enabled and enforced for security of all components.

In Spring ’17, LockerService tightens CSP to eliminate the possibility of cross-site scripting attacks by disallowing the unsafe-inline and unsafe-eval keywords for inline scripts (script-src). Eliminate use of these keywords in your code, and update third-party libraries to modern versions that don’t depend on unsafe-inline or unsafe-eval. These CSP changes are only enforced in sandbox and Developer Edition orgs.

Note:

When LockerService is activated in sandbox or Developer Edition orgs, you can’t edit rich-text fields and the fields are grayed out. We’re working on removing that limitation in a future release.
IE11 doesn’t support CSP, so we recommend using other supported browsers for enhanced security.

Additional Resources

Lighting Components Developer Guide – More details about LockerService and how it works in Lighting components.
Lightning LockerService Video – Get detailed guidance from Salesforce staff.
Salesforce Lightning CLI – Use the code review tool to check your code for LockerService compatibility.
LockerService API Viewer – Check the DOM APIs exposed by LockerService

Code Example

In the below picture, we have a simple ui:button that uses a div (that’s in “c” namespace) for it’s label. Notice how the console.log differs for window, document and div when LockerService is turned ON. Also notice that when the custom component’s JS tries to “walk the DOM” by doing div.parentNode.innerHTML to get the button’s innerHTML, it gets “undefined” because button is in a different “ui” namespace.