CSRF Protection Settings

Publication date: Oct 13, 2022
Description
Take advantage of the new default CSRF settings to improve organizational security and protect against cross-site request forgeries. These settings are enabled by default for all organizations since Spring '14:
  • The "Enable CSRF protection on GET requests on non-setup pages" protects against Cross Site Request Forgery (CSRF) attacks by modifying non-setup pages to include a random string of characters in the URL parameters or as a hidden form field.
  • The "Enable CSRF protection on POST requests on non-setup pages" protects against CSRF attacks by modifying non-setup pages to include a random string of characters in the URL parameters or as a hidden form field.
Solution
How do the CSRF settings improve security?

Protects against Cross Site Request Forgery (CSRF) attacks by modifying non-setup pages to include a random string of characters in the URL parameters or as a hidden form field. With every GET and POST request, the application checks the validity of this string of characters and doesn’t execute the command unless the value found matches the expected value. This setting is selected by default.
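
The check described above, in which a per-session random string travels as a URL parameter on GET and as a hidden field on POST and the command only runs when the submitted value matches the expected one, as an added Python example. This is not Salesforce code and does not reflect the platform's internals; the in-memory session store, the parameter name `_csrf` and the page paths are constructed for illustration.

```python
import hmac
import secrets
from html import escape
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed in-memory session store: session id -> per-session CSRF token.
SESSIONS = {}

def issue_token(session_id):
    """Create (or reuse) the random string tied to this session."""
    return SESSIONS.setdefault(session_id, secrets.token_urlsafe(32))

def render_link(session_id, path):
    """GET: append the token as a URL parameter to a non-setup page link."""
    return f"{path}?{urlencode({'action': 'delete', '_csrf': issue_token(session_id)})}"

def render_form(session_id, action):
    """POST: embed the token as a hidden form field."""
    tok = escape(issue_token(session_id), quote=True)
    return (f'<form method="post" action="{escape(action, quote=True)}">'
            f'<input type="hidden" name="_csrf" value="{tok}"></form>')

def token_valid(session_id, submitted):
    """Match the submitted string against this session's expected value."""
    expected = SESSIONS.get(session_id)
    if expected is None or submitted is None:
        return False
    # Constant-time comparison so timing does not leak how much of the token matched.
    return hmac.compare_digest(expected, submitted)

def handle_get(session_id, url):
    """Check the URL parameter before executing the GET's command."""
    params = parse_qs(urlparse(url).query)
    return token_valid(session_id, (params.get("_csrf") or [None])[0])

def handle_post(session_id, form_fields):
    """Check the hidden form field before executing the POST's command."""
    return token_valid(session_id, form_fields.get("_csrf"))
```

A request that arrives without the string, or with a string issued to a different session, is refused, which is what stops a page on another site from triggering the command with the victim's cookies alone.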

Alternatively, customers with a business justification may request that the settings be disabled by contacting Salesforce Support. Once disabled, the customer needs to contact Salesforce Support again to re-enable them.

Related Articles:
Knowledge article number

000387060

Salesforce Help | Article