Implement Enhanced Security Controls in Commerce Cloud

Commerce Cloud is implementing a new security measure that blocks traffic to staging instances that doesn’t originate from Commerce Cloud eCDN from accessing the hyphenated demandware.net hostname. This change rejects all calls using ‌hyphenated hostnames, such as staging-, to access the Open Commerce API (OCAPI) or Storefront.

When: This change becomes effective on October 7, 2024.

Why: Currently, traffic through demandware.net doesn’t have eCDN controls in place, posing a potential risk to your data security. Origin Shielding for staging is crucial to make sure that all external traffic goes through the eCDN security layers before reaching your environment.

The introduction of Origin Shielding for staging impacts Commerce Cloud customers who currently have implementations that involve direct calls to POD IPs.

How: To prepare for this upcoming change, Salesforce requests customers take these actions:

• Evaluate your current implementations for calls made to OCAPI or Storefront using direct POD IPs, dot-form hostnames, or hyphenated hostnames for demandware.net. For example, staging.xxx.demandware.net or staging-xxx.demandware.net.
• Update services or applications to use the vanity hostname and route traffic through eCDN.

You can create a proxy zone on Staging instances through the Business Manager and configure a custom hostname with an automatically renewing eCDN Managed certificate for added protection.

For further assistance, contact your Customer Service Manager (CSM).