Sign Up ›
  • kaarthiksankar AD
  • NEWBIE
  • 0 Points
  • Member since 2014
  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 2
    Questions
  • 0
    Replies
1 replies

Cross Site Request Forgery when receiving post data

I am posting large data from a html page to one of my VF page which has a custom controller.
In the VF page controller I am receiving the data in a page load method using ApexPages.currentPage().getParameters() and inserting the data in to one of the custom object. Every thing works fine.
But when I posted my instance for CheckMarx security review it shows CSRF error for this page.

Referring to the URL https://developer.salesforce.com/forums/ForumsMain?id=906F0000000997PIAQ I have enabled 'Require CSRF protection on GET requests' for my VF page but still I am getting the same CSRF error from CheckMarx.

VF Page:
<apex:page controller="myclass" action ="{!fetch}"></apex:page>

controller:
public class myclass{
public void fetch(){
Map<string,string> objfields = new map<string,string>();
objfields =ApexPages.currentPage().getParameters();

custom1obj__c obj = new custom1obj__c();
//assign the objfields values to obj here
insert obj;
}
}
When I am trying to access the page directly from the URL I am getting the following error
The link you followed isn’t valid. This page requires a CSRF confirmation token. Report this error to your Salesforce administrator.
and when posting the data using the html page it works fine as expected. But still checkmarx results with CSRF error for this page.

 Please help to solve this issue.

Kaarthik

3 replies

Render Blob content on page

I have a requirement to display the blob content on the VF page, Blob content is received from external web service as Base 64 string and I can convert it in to Blob. Tried the following methods to display the content.

1. converted Base64 in Blob and tried to display but it's displaying something "core.filemanager.FileBlobValue@bd9997c " on the page
2. Directly tried to display Base64 string then obviously it's displaying raw string (very large)
etc.

I want to display that content in original format, it can be of any type (pdf, xls, doc,rtf etc).

I should not use attachement or Document to store the file and download providing link to them.

following is the page used for PDF

<apex:page controller="TestDownloadFileController" sidebar="false" contentType="application/pdf" cache="false" >
{!Content}
</apex:page>

Content will have the blob value of Pdf file.

Please help.