CSRF Considerations for Lightning Connect—OData 2.0 and 4.0 Adapters | Salesforce
Understand the special behaviors, limitations, and recommendations for Cross-Site Request Forgery (CSRF) on OData external data sources.
Available in: both Salesforce Classic and Lightning Experience
Available in: Developer Edition
Available for an extra cost in: Enterprise, Performance, and Unlimited Editions
- CSRF protection isn’t available for high-data-volume external data sources.
- Make sure that the URL of the external data source starts with https:// so that secure HTTP can prevent unauthorized access to the anti-CSRF token and cookie.
- In addition to enabling CSRF protection on the external data source, we recommend keeping CSRF protection enabled in your org’s session security settings. These session settings are enabled by default, and keeping them enabled protects your Salesforce data and your external data from CSRF attacks.
  - Enable CSRF protection on GET requests on non-setup pages
  - Enable CSRF protection on POST requests on non-setup pages