
CSRF Protection Settings

Published: Oct 13, 2022
Description
Take advantage of the default CSRF settings to improve organizational security and protect against cross-site request forgery. These settings have been enabled by default for all organizations since Spring '14:
  • "Enable CSRF protection on GET requests on non-setup pages" protects against Cross Site Request Forgery (CSRF) attacks by modifying non-setup pages to include a random string of characters in the URL parameters or as a hidden form field.
  • "Enable CSRF protection on POST requests on non-setup pages" protects against CSRF attacks in the same way, by modifying non-setup pages to include a random string of characters in the URL parameters or as a hidden form field.
Solution
How do the CSRF settings improve security?

These settings protect against Cross Site Request Forgery (CSRF) attacks by modifying non-setup pages to include a random string of characters in the URL parameters or as a hidden form field. With every GET and POST request, the application checks the validity of this string of characters and does not execute the command unless the value found matches the expected value. This setting is selected by default.
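The check described above, as an added illustration that is not Salesforce's own implementation: a per-session random token is placed in a URL parameter (for GET links) or a hidden form field (for POST forms), and the server executes the requested action only when the submitted token matches the session's expected value. The parameter name `csrf_token`, the `Session` class and the handler are assumptions for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlparse

TOKEN_PARAM = "csrf_token"  # assumed parameter name, not the platform's actual one


@dataclass
class Session:
    """Server-side session holding the unguessable per-session token."""
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def protected_link(session: Session, path: str) -> str:
    """GET-style protection: append the session token as a URL parameter."""
    return f"{path}?{TOKEN_PARAM}={session.csrf_token}"


def protected_form(session: Session, action: str) -> str:
    """POST-style protection: embed the session token as a hidden form field."""
    return (
        f'<form method="post" action="{action}">'
        f'<input type="hidden" name="{TOKEN_PARAM}" value="{session.csrf_token}">'
        "</form>"
    )


def params_from_url(url: str) -> dict:
    """Flatten the query string of a link into a single-valued parameter dict."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def token_is_valid(session: Session, params: dict) -> bool:
    """Reject missing or mismatched tokens; compare in constant time."""
    submitted = params.get(TOKEN_PARAM)
    if not submitted:
        return False
    return hmac.compare_digest(submitted, session.csrf_token)


def handle_request(session: Session, method: str, params: dict, action) -> str:
    """Run `action` only when the token check passes, for GET and POST alike.

    A request from a third-party site cannot carry the token, so it is rejected
    even though the victim's session cookie is sent automatically by the browser.
    """
    if method not in ("GET", "POST") or not token_is_valid(session, params):
        return "rejected"
    return action()
```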

Alternatively, a customer with a business justification may request that the settings be disabled by contacting Salesforce Support. Once disabled, the customer would need to contact Salesforce Support again to re-enable them.

Related Articles:
Knowledge Article Number

000387060

Salesforce Help | Article