          Canvas App Settings: Canvas Signed Request Security Control

          This security setting determines the authorization protocol for Canvas integrations.

          Control Name

          Connected Apps: Canvas App Settings: Canvas Signed Request Security

          Recommended Configuration

          Access Method: Signed Request (POST) for custom internal integrations; OAuth Webflow (GET) only for external or client-only apps where the user must self-authorize.

          Control Overview

          This security setting determines the authorization protocol for Canvas integrations. With Signed Request (POST), Salesforce sends the canvas app a POST whose body carries a Base64-encoded JSON context (user, organization and an OAuth access token) together with an HMAC-SHA256 signature over that encoded context, keyed with the Connected App's consumer secret; the app verifies the signature with its own copy of the secret, so pre-authorized (admin-approved) users get a verifiable payload with no further consent round trip. With OAuth Webflow (GET), Salesforce loads the app with a GET that carries no token, and the app obtains one by running the redirection-based OAuth 2.0 web server flow, during which the user authorizes the app on demand.

          Security Risk If Not Configured

          Unnecessary use of the GET-based OAuth web flow creates a token theft risk: authorization parameters (the authorization code, state and redirect target, and in a misimplemented flow the token itself) travel as URL query strings, so they are recorded in browser history, Referer headers, proxy logs and web-server access logs even though the connection itself is protected by TLS. The signed request carries the context and access token in the POST body, which those logs do not normally capture.

          Threat Scenarios

          An attacker who can read browser history, a proxy or web-server log, or a Referer header that carried the redirect URL harvests an authorization parameter or active session identifier left in the query string, and later uses it to impersonate the user within the Salesforce instance.

          Estimated CVSS Score Range

          High (7.0–8.9).

          Risk Impact Considerations

          Without cryptographically signed POST requests, sensitive session metadata can land in browser history or server logs, significantly increasing the probability of persistent account hijacking. The signature only provides this assurance when the canvas app verifies the HMAC-SHA256 value against the consumer secret before trusting the context; an app that simply decodes the context will accept a forged payload.

          Higher Risk When

          When the GET method is used for applications with administrative permissions, because the flow relies on user-level consent, which can be obtained under false pretenses through social engineering.

          Low Risk When

          When the GET method is restricted to low-sensitivity third-party tools that require explicit user approval, or when the organization enforces strict IP-range restrictions for the framed application.

          Business and Integration Considerations

          While Signed Request (POST) is the secure standard for internal apps, the OAuth Webflow (GET) is appropriate for external "off-the-shelf" integrations where users must self-authorize, or for purely client-side apps that have no backend in which to hold the consumer secret and verify the signature (the secret must never ship to the browser).

          Recommended Remediation

          Go to the Canvas App Settings for the Connected App and select Signed Request (POST) for all custom internal integrations so that the signed context, including the access token, is transmitted in the request body rather than the URL. Confirm that each such app verifies the HMAC-SHA256 signature with the consumer secret and rejects requests that fail the check or arrive without a signed request.
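          Selecting Signed Request (POST) only pays off if the canvas app actually verifies the signature before trusting the context. The following Python is an added example written for this article, not Salesforce's own code or SDK: it builds a Canvas-style signed request ("<Base64 signature>.<Base64 JSON context>") from a constructed context with a made-up consumer secret, verifies the HMAC-SHA256 signature with a constant-time comparison, rejects tampered or stale payloads, and refuses to accept a context from a GET. The context field names (`algorithm`, `issuedAt`, `userId`, `client.oauthToken`), the treatment of `issuedAt` as epoch seconds, the `signed_request` form field name and the 300-second freshness window are assumptions to confirm against the payload your app really receives.

```python
import base64
import hashlib
import hmac
import json

# Constructed for this example; a real consumer secret comes from the Connected
# App definition and must stay on the canvas app's server (never in browser code).
CONSUMER_SECRET = "example-consumer-secret-not-real"

# Assumed layout of the Base64-decoded context. The access token and user context
# ride in the POST body, which is the property the POST access method provides.
SAMPLE_CONTEXT = {
    "algorithm": "HMACSHA256",
    "issuedAt": 1700000000,  # assumed epoch seconds; confirm the unit on real payloads
    "userId": "005000000000001AAA",
    "client": {
        "oauthToken": "example-access-token",
        "instanceUrl": "https://example.my.salesforce.com",
    },
}


def build_signed_request(context: dict, consumer_secret: str) -> str:
    """Build '<b64 signature>.<b64 JSON context>' the way a signer would.

    Used here only to construct test input; Salesforce performs this step itself
    when the Connected App is set to Signed Request (POST)."""
    encoded_context = base64.b64encode(json.dumps(context).encode("utf-8"))
    signature = hmac.new(consumer_secret.encode("utf-8"), encoded_context, hashlib.sha256).digest()
    return base64.b64encode(signature).decode("ascii") + "." + encoded_context.decode("ascii")


def verify_signed_request(signed_request: str, consumer_secret: str, now: int, max_age: int = 300) -> dict:
    """Return the decoded context only if the HMAC-SHA256 signature checks out.

    The MAC is computed over the Base64-encoded context (not the raw JSON),
    keyed with the consumer secret. Raises ValueError on any failure."""
    if signed_request.count(".") != 1:
        raise ValueError("malformed signed request: expected '<signature>.<context>'")
    encoded_signature, encoded_context = signed_request.split(".")
    try:
        presented = base64.b64decode(encoded_signature, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        raise ValueError("signature is not valid Base64")
    expected = hmac.new(consumer_secret.encode("utf-8"), encoded_context.encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison: a plain '==' leaks the length of the matching prefix via timing.
    if not hmac.compare_digest(expected, presented):
        raise ValueError("signature mismatch: not signed with this consumer secret")
    context = json.loads(base64.b64decode(encoded_context, validate=True))
    if context.get("algorithm") != "HMACSHA256":
        raise ValueError("unexpected signing algorithm: %r" % context.get("algorithm"))
    issued_at = int(context.get("issuedAt", 0))
    # Freshness window limits replay of a captured signed request (assumed 300 s, 60 s skew).
    if not (now - max_age <= issued_at <= now + 60):
        raise ValueError("signed request is stale or from the future; possible replay")
    return context


def handle_canvas_request(method: str, form: dict, consumer_secret: str, now: int) -> dict:
    """Entry point a canvas app would call on the inbound request.

    Only a POST carrying the 'signed_request' form field (assumed name) is accepted;
    a GET, which is how the OAuth web flow begins, never carries a verified context."""
    if method.upper() != "POST":
        raise ValueError("canvas context is only accepted in a POST body")
    signed_request = form.get("signed_request")
    if not signed_request:
        raise ValueError("missing signed_request form field")
    return verify_signed_request(signed_request, consumer_secret, now)


if __name__ == "__main__":
    good = build_signed_request(SAMPLE_CONTEXT, CONSUMER_SECRET)
    print("verified user:", handle_canvas_request("POST", {"signed_request": good}, CONSUMER_SECRET, 1700000100)["userId"])
    for label, method, form in (("GET", "GET", {}), ("wrong secret", "POST", {"signed_request": build_signed_request(SAMPLE_CONTEXT, "wrong")})):
        try:
            handle_canvas_request(method, form, CONSUMER_SECRET, 1700000100)
        except ValueError as exc:
            print(label, "rejected:", exc)
```

          The point of the constant-time compare and the algorithm check is that the verifier must not be the weak link: a `==` on the signature bytes or a decoder that ignores `algorithm` turns a strong setting into a decorative one. The freshness check is a defence the setting itself does not give you; a signed request captured from a server log is otherwise valid for as long as the token inside it is.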

          Security Health Review Guidance

          Security Health Review identifies Signed Request (POST) as the strongly recommended standard for high-assurance integrations, to prevent interception of authentication tokens, while acknowledging the GET method for specific third-party self-authorization use cases.

          Salesforce Help | Article