Lightning Web Security is Salesforce’s latest security update for Lightning and Aura components. Lets uncover Lightning Web Security (LWS) together.
Salesforce’s Transition to Lightning Web Security
Salesforce is switching from Lightning Locker to LWS. But there actually isn’t a difference in security level between Lighting Locker and LWS. The advantage is that this new system gives you more freedom to use different code libraries. It’s like getting a bigger ship with cooler toys.
Lightning Web Security follows the latest web standards. This means your code will work better with modern browsers. And you can now use more third-party tools without fear.
LWS is smart about how it protects your code. It only steps in when needed. This makes your apps run faster and smoother. You get top-notch security without slowing things down.
Currently there is still support for Lightning Locker. However, Salesforce has stated the focus for future updates will be to LWS instead of Lightning Locker.
Implementing Lightning Web Security
To turn on Lightning Web Security, head to Setup in your Salesforce org. Look for “Session Settings” and enable the box next to “Use Lightning Web Security for Lightning web components.” Then save your changes.
For custom Lightning web components, add the lightningwebsecurity=true attribute to the tag in your component’s metadata file.
You can also enable it for specific apps. Go to the App Manager in Setup. Edit the app you want to secure. Find the “Security” section and select “Use Lightning Web Security.”
Remember to test your components after enabling it. Some might need tweaks to work with the new security model.
Migrating from Locker Service
Moving from Locker Service to Lightning Web Security is like trading an old map for a new one. Some components might need changes. Focus on those using DOM APIs or accessing global objects. Also, update your code to use standard web APIs instead of Locker Service wrappers. For example, replace $A.getCallback() with regular JavaScript functions.
Test each component thoroughly after migrating. Pay extra attention to third-party libraries and custom JavaScript.
If you hit a snag, don’t worry. You can temporarily disable Lightning Web Security for specific components while you fix issues.
You can turn off LWS temporarily by going to Setup, then Security, and uncheck “Use Lightning Web Security”.
Need help finding the Salesforce gems?
Let us help! Were seasoned Salesforce treasure hunters.