"CSRF with VF call" MethodInvokeExpr checkmarx issue in VF page
Hi Everyone,
I am getting a "CSRF with VF call" MethodInvokeExpr Checkmarx issue on line 1 of the code below.
Please help me to resolve this.
Thanks in advance!
<apex:page lightningStylesheets="true" Controller="XYZ" >
  <apex:form >
    <apex:pageblock id="PageBlock-Id" title="Select New Owner">
      <apex:pageBlockSection >
        <apex:outputfield value="{!objabc.Name}"/><br/>
        <apex:inputField value="{!objabc.OwnerId}"/>
        <br/>
        <apex:inputcheckbox label="Send Notification Email" value="{!sendEmail}" />
      </apex:pageBlockSection>
      <apex:pageBlockSection title="Create Task and Log Hours" >
        <apex:pageMessages id="PageMsgId" /><br/>
        <apex:outputField value="{!objtask.RecordTypeId}"/>
        <apex:outputField value="{!objtask.Status}"/>
        <apex:inputField value="{!objtask.Priority}"/>
        <apex:outputField value="{!objtask.type}" />
        <apex:inputField value="{!objtask.Time_Logged__c}"/>
        <apex:inputField style="width:240px;" value="{!objtask.Description}"/>
      </apex:pageBlockSection>
      <div align="center" draggable="false" >
        <apex:commandButton action="{!save}" value="Save" rerender="PageMsgId"/>
      </div>
    </apex:pageblock>
  </apex:form>
</apex:page>
Go to Your VF Page from Setup
Click on Edit button
Find the "Require CSRF protection on GET requests" option in your Page Information, just above your VF code block
Make sure this option is checked (TRUE)
Save your page.
Hope this is helpful!
Regards,
Ranjan
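The checkbox described in the answer above is stored in the page's metadata as the `confirmationTokenRequired` field of the ApexPage type, so it can be checked across a whole project rather than page by page in Setup. The following is an added example, not part of the original thread: it assumes a source-format project with `*.page-meta.xml` files, and the page names and sample metadata in it are constructed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Namespace used by Salesforce metadata XML files.
NS = {"md": "http://soap.sforce.com/2006/04/metadata"}

def csrf_get_protection_enabled(meta_xml: bytes) -> bool:
    """True only if <confirmationTokenRequired> is present and set to true."""
    root = ET.fromstring(meta_xml)
    node = root.find("md:confirmationTokenRequired", NS)
    return node is not None and (node.text or "").strip().lower() == "true"

def audit_pages(project_dir) -> dict:
    """Map every *.page-meta.xml under project_dir to its CSRF-on-GET setting."""
    results = {}
    for meta in sorted(Path(project_dir).rglob("*.page-meta.xml")):
        try:
            results[meta.name] = csrf_get_protection_enabled(meta.read_bytes())
        except ET.ParseError:
            results[meta.name] = False  # unparseable metadata is reported as unprotected
    return results

def _sample_meta(flag) -> bytes:
    """Constructed ApexPage metadata; flag=None omits the element entirely."""
    line = "" if flag is None else (
        f"    <confirmationTokenRequired>{flag}</confirmationTokenRequired>\n")
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<ApexPage xmlns="http://soap.sforce.com/2006/04/metadata">\n'
            '    <apiVersion>58.0</apiVersion>\n' + line +
            '    <label>Sample</label>\n'
            '</ApexPage>\n').encode("utf-8")

def demo() -> dict:
    """Build a throwaway project with three constructed pages and audit it."""
    with tempfile.TemporaryDirectory() as d:
        pages = Path(d) / "force-app" / "main" / "default" / "pages"
        pages.mkdir(parents=True)
        (pages / "ChangeOwner.page-meta.xml").write_bytes(_sample_meta("true"))
        (pages / "Legacy.page-meta.xml").write_bytes(_sample_meta("false"))
        (pages / "NoFlag.page-meta.xml").write_bytes(_sample_meta(None))
        return audit_pages(d)

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'OK     ' if ok else 'MISSING'} {name}")
```

A page whose metadata omits the element is reported the same as one that sets it to false, since in both cases the option is not enabled.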