+ Start a Discussion

CSRF (Cross Site Request Forgery) in SalesforcE?

Hi. I can see there is a setting in "Session Settings" that says CSRF prevention is done for all GET and POST requests. The setting is -
"Enable CSRF protection on GET requests on non-setup pages".
My question is, does this apply only for standard pages, or does all VF pages also get covered? Or is it the responsibility of a developer to implement CSRF functionalities for a VF page?

July 4, 2016
·
Answer
·
Like
0
·
Follow
1

VineetKumar
This setting will only apply for non-setup salesforce pages. Means standard salesforce page those not accessed from the setup menu.
As a developer you must handle the CSRF for your VF page.

Referral link :
https://help.salesforce.com/htviewhelpdoc?id=admin_sessions.htm

July 4, 2016
·
Like
0
·
Dislike
0

You need to sign in to do that.

Need an account? Sign Up

Have an account? Sign In

Dismiss

Browse by Topic

Welcome to Support!

Show

sorted by

CSRF (Cross Site Request Forgery) in SalesforcE?

You need to sign in to do that.