Surender
Enable CSRF protection on GET and POST requests - critical update
Hi,
We are in the process of enabling critical updates in our production environment. Before activating critical updates, we want to be sure what impact they might cause. I have found the review description for 'Enable CSRF protection on GET and POST requests', but can you elaborate on how this critical update impacts the environment? It would also be great to know which components/sections we need to check to avoid any impact from this critical update.
Regards
G.Surender
Protects against Cross Site Request Forgery (CSRF) attacks by modifying non-setup pages to include a random string of characters in the URL parameters or as a hidden form field. With every GET and POST request, the application checks the validity of this string of characters and doesn’t execute the command unless the value found matches the value expected. This setting is selected by default for all organizations.
http://www.salesforce.com/us/developer/docs/securityImplGuide/Content/admin_sessions.htm
Secure Coding Cross Site Request Forgery
http://wiki.developerforce.com/page/Secure_Coding_Cross_Site_Request_Forgery
See the below link which has a related discussion,
http://salesforce.stackexchange.com/questions/7574/cross-site-request-forgery-csrf
Regards,
Ashish
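
The token check described in the answer above, as an added example that is not part of the original thread and not Salesforce's implementation: a per-session random string is placed in a URL parameter or hidden form field, and the action runs only when the submitted value matches. The parameter name `_csrf`, the session dictionary, the `handle` function and the `/page/delete` URL are assumptions constructed for illustration.

```python
import hmac
import secrets
from html import escape
from urllib.parse import parse_qs, urlencode, urlsplit

TOKEN_PARAM = "_csrf"  # assumed name; the page does not give the real one


def new_session():
    """Constructed session: the server stores one random token per session."""
    return {"csrf": secrets.token_urlsafe(32)}


def link_with_token(url, session):
    """Append the token as a URL parameter (the GET case)."""
    sep = "&" if urlsplit(url).query else "?"
    return url + sep + urlencode({TOKEN_PARAM: session["csrf"]})


def hidden_field(session):
    """Render the token as a hidden form field (the POST case)."""
    return '<input type="hidden" name="%s" value="%s">' % (
        TOKEN_PARAM, escape(session["csrf"], quote=True))


def handle(method, url, form, session, action):
    """Run `action` only if the submitted token matches the session's token."""
    if method == "POST":
        submitted = (form or {}).get(TOKEN_PARAM, "")
    else:
        submitted = parse_qs(urlsplit(url).query).get(TOKEN_PARAM, [""])[0]
    # Constant-time comparison; a missing or foreign token is rejected.
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return 403, None
    return 200, action()


if __name__ == "__main__":
    s = new_session()
    deleted = []
    act = lambda: deleted.append("rec1") or "deleted"
    # Link generated by the application: carries the token, action runs.
    print(handle("GET", link_with_token("/page/delete?id=rec1", s), None, s, act))
    # Hand-built link without the token: rejected, action never runs.
    print(handle("GET", "/page/delete?id=rec1", None, s, act))
```

The second call shows the kind of request to look for when assessing impact in this sketch: a state-changing URL assembled by hand, without the token, is refused.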