Loading
Ongoing maintenance for Salesforce HelpRead More
Feature degradation | Gmail Email delivery failureRead More
B2C Commerce Release Notes
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Protect Against Bots and Malicious Attacks

            You are here:

            1. Salesforce Help
            2. Docs
            3. B2C Commerce Release Notes

            Protect Against Bots and Malicious Attacks

            To help you protect your B2C Commerce environments from bots and malicious attacks, Commerce Cloud is restricting external sources from directly accessing the demandware.net hostname.

            When: Beginning April 15, 2022, we’ll roll out the origin shielding changes in three phases.

            • Phase 1 April 15, 2022–The change is enforced to all newly created production and development realms. New B2C Commerce production and development instances reject all calls made to hyphenated hostnames with a *.demandware.net format.
            • Phase 2 May 15, 2022–The change is enforced to all existing development instances. All development instances reject calls made to hyphenated hostnames with the development-xxx-customer.demandware.net format.
              Note
              Note During this phase, we recommend that you test development instances to determine if any services or applications are impacted, and require updates.
            • Phase 3 August 15, 2022–The change is enforced to all existing production instances. All production instances reject calls being made to hyphenated hostnames with the production-xxx-customer.demandware.net format.
              Note
              Note No extensions are granted. This security rollout is part of the 2022 Holiday preparation.

            How: Beginning April 15, 2022, Traffic is restricted from accessing the demandware.net hostname. This change rejects all calls accessing production and development instances. Impact to your storefront can include disruption on third-party calls and other implementations. To eliminate the impact of this change, modify your implementation as follows.

            Note
            Note Traffic from Business Manager is considered internal to the Salesforce Commerce Cloud system. You can continue to access Business Manager using hostnames in the dash format for demandware.net. For example, Business Manager production-realm-customer.demandware.net, and other hostnames in the dash format for demandware.net aren’t restricted by this change.
            • Update services or applications that use hostnames in the dash format for demandware.net so they direct traffic through a vanity hostname. For example, change production-realm-customer.demandware.net to brand.com or www.brand.com
            • Switch all Salesforce Commerce Cloud service integration and secure connections to Server Name Indication (SNI).

              Non-SNI traffic is impacted as demandware.net is restricted. Work with your browser, point-of-sale, mobile app, or third-party vendor or provider to ensure they can use SNI for API requests to eCDN.

            • During Phase 2, test development instances to determine if any services or applications are impacted, and require updates.
             
            Loading
            Salesforce Help | Article