Shreyanka

CSRF with VF call checkmarx error

Hi Everyone,
I am getting a "CSRF with VF call" Checkmarx error from the below code.

Please help me to fix this error.

Thanks in advance!
 
1) Apex code:

public class xyz {

        public abc objabc{get;set;}
        public Boolean sendEmail {get; set;}
        public Task objtask{get;set;}
        public boolean isChecked{get;set;}
    public xyz() {
        
        
        String objabcId = ApexPages.currentPage().getParameters().get('id');
                
            objabc = new abc();
        
             if(objabcId !=null && objabcId !=''){
                 
                 objabc = [Select id,OwnerId,name from abc 
                            where id=:ApexPages.currentPage().getParameters().get('id')];
             }
              
            if(objabc.id!=null){
                sendEmail = true;
                objtask= new task();
                objtask.whatid=objabc.id;
                objtask.RecordTypeId = [select Id,Name from RecordType where name='abcd' and SOBjectType='Task' limit 1].Id;
                objtask.status = 'Completed';
                objtask.type = 'Assigned';
                objtask.OwnerID = UserInfo.getUserId();
                objtask.Subject='Assignment';
            }
    }
      
        public pagereference save() {
            try {
                if(objtask.subject!=null){
                    insert objtask;
                    update objabc;
                    if(sendEmail){                       
                        Database.DMLOptions dlo = new Database.DMLOptions();
                        dlo.EmailHeader.triggerUserEmail = true;
                        database.update(objabc,dlo);                        
                    }
                }else{
                    Apexpages.addMessage(new Apexpages.message(ApexPages.Severity.Error,'Subject cannot be Null !!!'));
                    return null;
                }
                string abcobjurl = objabc.id;
                abcobjurl = abcobjurl.substring(0,3);
                PageReference orderPage = new PageReference('/' + abcobjurl);
                return orderPage;
            } catch (Exception e) {
                system.debug('---inside Exception---'+e.getMessage());
                system.debug('---inside Exception Line---'+e.getLineNumber());
                Apexpages.addMessage(new Apexpages.message(ApexPages.Severity.Error,e.getMessage()));
                return null;
            }
        }
        
}
 
2) VF page code:

<apex:page lightningStylesheets="true" Controller="XYZ" >
    <apex:form >
    <apex:pageblock id="PageBlock-Id" title="Select New Owner">
        <apex:pageBlockSection >
            <apex:outputfield value="{!objabc.Name}"/><br/>
            <apex:inputField value="{!objabc.OwnerId}"/>
                <br/>
            
            <apex:inputcheckbox label="Send Notification Email" value="{!sendEmail}" />
            
        </apex:pageBlockSection> 
        
        <apex:pageBlockSection title="Create Task and Log Hours" >
            <apex:pageMessages id="PageMsgId" /><br/>
            <apex:outputField value="{!objtask.RecordTypeId}"/>
            <apex:outputField value="{!objtask.Status}"/>
            <apex:inputField value="{!objtask.Priority}"/>
            <apex:outputField value="{!objtask.type}" />
            <apex:inputField value="{!objtask.Time_Logged__c}"/>
            <apex:inputField style="width:240px;" value="{!objtask.Description}"/>
        </apex:pageBlockSection> 
        
        <div align="center" draggable="false" >
            <apex:commandButton action="{!save}" value="Save" rerender="PageMsgId"/>
        </div>
    </apex:pageblock> 
    </apex:form> 
</apex:page>

 
Priya (Salesforce Developers)
Hi Shreya,

Go to your VF page from Setup.
Click on the Edit button.
Find the option "Require CSRF protection on GET requests" in your Page Information, just above your VF code block.
Make sure this option is checked (TRUE).
Save your page.

Hope this is helpful!

Regards,
Ranjan
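
The checkbox described in the answer above is stored per page as `confirmationTokenRequired` in the page's `.page-meta.xml` file, so it can be checked across a whole project instead of one page at a time in Setup. The script below is an added example, not part of the original thread; it assumes a source-format project directory of `*.page-meta.xml` files, treats a missing element or unparsable file as "not enabled", and uses constructed sample metadata.

```python
"""Audit Visualforce page metadata for "Require CSRF protection on GET requests"."""
import xml.etree.ElementTree as ET
from pathlib import Path

# Namespace used by Salesforce metadata XML files.
NS = {"sf": "http://soap.sforce.com/2006/04/metadata"}

def csrf_on_get_required(meta_xml):
    """True only if <confirmationTokenRequired> is present and set to true."""
    root = ET.fromstring(meta_xml)
    node = root.find("sf:confirmationTokenRequired", NS)
    return node is not None and (node.text or "").strip().lower() == "true"

def audit_pages(pages_dir):
    """Return sorted names of *.page-meta.xml files that do not enable the setting."""
    flagged = []
    for meta in Path(pages_dir).glob("*.page-meta.xml"):
        try:
            ok = csrf_on_get_required(meta.read_bytes())
        except ET.ParseError:
            ok = False  # unreadable metadata is reported, not silently skipped
        if not ok:
            flagged.append(meta.name)
    return sorted(flagged)

# Constructed sample metadata (label and API version are made up).
def _meta(setting_line):
    return (
        '<ApexPage xmlns="http://soap.sforce.com/2006/04/metadata">\n'
        "    <apiVersion>58.0</apiVersion>\n"
        f"{setting_line}"
        "    <label>Sample</label>\n"
        "</ApexPage>\n"
    )

SAMPLE_ENABLED = _meta("    <confirmationTokenRequired>true</confirmationTokenRequired>\n")
SAMPLE_DISABLED = _meta("    <confirmationTokenRequired>false</confirmationTokenRequired>\n")
SAMPLE_MISSING = _meta("")  # assumption: an absent element counts as not enabled

if __name__ == "__main__":
    import sys
    # Usage: python audit_vf_csrf.py <directory containing *.page-meta.xml>
    for name in audit_pages(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("CSRF protection on GET not enabled:", name)
```
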
Shreyanka
Hi Priya,
I have tried this approach too, but the error is not resolved. Can you please help me with other approaches?

Thanks!!