If "Enable Secure Static Resources for Lightning Components" Release Update is enabled, static resources are served from visualforce.com domain. 

Everything seems fine for images, scripts, css,... 
But FONTs (ttf, woff, woff2) referenced by CSS will fail to load.


This update should be enabled before 10-MAY-2021, but its presents seriuos issue for which we are unable to find any workaround.

Any ideas?

Security.stripInaccessible() will remove all ids of non-reparentable M-D fields from the record while using System.AccessType.UPSERTABLE. 

That will inevitably result in failures for records which are about to be inserted during the upsert as required m-d realtionship id values were removed. 

That makes stripInaccessible fn useless to enfore FLS before commiting to the database if there are any M-D fields involved.

I understand why its happening, but M-D Ids shoud not be removed in this case. And If there are any changed M-D parents for already existing records in dataset, system will prevent it the standard way. 

Security.stripInaccessible()  is a great and easy replacement for previous implementations, but with this flaw it does not cover all the usecases.



  

Security.stripInaccessible() will remove all ids of non-reparentable M-D fields from the record while using System.AccessType.UPSERTABLE. 

That will inevitably result in failures for records which are about to be inserted during the upsert as required m-d realtionship id values were removed. 

That makes stripInaccessible fn useless to enfore FLS before commiting to the database if there are any M-D fields involved.

I understand why its happening, but M-D Ids shoud not be removed in this case. And If there are any changed M-D parents for already existing records in dataset, system will prevent it the standard way. 

Security.stripInaccessible()  is a great and easy replacement for previous implementations, but with this flaw it does not cover all the usecases.



  

If "Enable Secure Static Resources for Lightning Components" Release Update is enabled, static resources are served from visualforce.com domain. 

Everything seems fine for images, scripts, css,... 
But FONTs (ttf, woff, woff2) referenced by CSS will fail to load.


This update should be enabled before 10-MAY-2021, but its presents seriuos issue for which we are unable to find any workaround.

Any ideas?

Security.stripInaccessible() will remove all ids of non-reparentable M-D fields from the record while using System.AccessType.UPSERTABLE. 

That will inevitably result in failures for records which are about to be inserted during the upsert as required m-d realtionship id values were removed. 

That makes stripInaccessible fn useless to enfore FLS before commiting to the database if there are any M-D fields involved.

I understand why its happening, but M-D Ids shoud not be removed in this case. And If there are any changed M-D parents for already existing records in dataset, system will prevent it the standard way. 

Security.stripInaccessible()  is a great and easy replacement for previous implementations, but with this flaw it does not cover all the usecases.



  

Hi,

When users log in to Salesforce via frontdoor.jsp (http://docs.releasenotes.salesforce.com/en-us/winter14/release-notes/security_frontdoorjsp.htm), they are unable to access Saleforce Canvas apps. 

The exact error is:

Oops, there was an error rendering Force.com Canvas application [Cavnas_App_Name].
Your browsing session has ended or is invalid. Please re-login to Salesforce.com again.

Everything else within Salesforce appears to be working fine, so we know the session is valid.

We have tried adding all OAuth scopes (including full and web) to the Canvas app, but still get the same error.

Any ideas?