vbadhwar

SFDC Security: Validate Legitimate SFDC SOAP servers

If you are integrating external (composite) apps with the Force.com platform, be sure to validate legitimate salesforce.com SOAP servers. Below is the regex to effectively implement this:

https://[^/?]+\.(sales|visual\.)force\.com/services/(S|s)(O|o)(A|a)(P|p)/(u|c)/.*

Basically, this will ensure that the URL must start with 'https://', followed by one or more characters other than '/' or '?', followed by a '.', followed by 'sales' or 'visual.', followed by 'force.com/services/SOAP/', followed by 'u' or 'c', followed by '/'.

It whitelists the following domains:

https://*.salesforce.com/services/SOAP/u
https://*.salesforce.com/services/SOAP/c
https://*.visual.force.com/services/SOAP/u
https://*.visual.force.com/services/SOAP/c
If you have any questions about this, please do not hesitate to contact me.
Varun Badhwar

Force.com Security Manager 

Message Edited by vbadhwar on 05-15-2009 10:07 AM
Message Edited by vbadhwar on 09-28-2009 10:20 AM
Message Edited by vbadhwar on 09-28-2009 10:21 AM
Best Answer chosen by Admin (Salesforce Developers) 

All Answers

DrawloopSupport

vbadhwar,

The RegEx you provided does not match this URL that Salesforce uses for Sandbox sites:

https://xxxx.dev.cs0.force.com/SS/services/Soap/u/15.0/00DT0000000FsaU

Please provide an updated RegEx that will match that URL.

Thanks.

Message Edited by DrawloopSupport on 10-29-2009 08:22 AM
DrawloopSupport

Varun,

Thanks, but unfortunately this RegEx still does not match the link posted. The problem is the /SS/. Also, this may not even matter because Salesforce does not have/maintain SSL certificates for these types of domains.

Thank you.
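Added example (not code from the original post or from Salesforce): the posted regex applied with an anchored fullmatch, next to a parser-based variant that checks scheme, host suffix and path separately, with the suffix list taken from the post's whitelist. The sandbox URL quoted in the replies is included to show that, as reported, neither check accepts it because of the /SS/ path prefix and the non-whitelisted host; the other sample URLs, instance names and org ids are constructed.

```python
import re
from urllib.parse import urlsplit

# Regex from the original post; fullmatch() anchors it so the whole URL
# must conform (a plain search would accept the pattern anywhere inside it).
SFDC_SOAP_RE = re.compile(
    r"https://[^/?]+\.(sales|visual\.)force\.com/services/(S|s)(O|o)(A|a)(P|p)/(u|c)/.*"
)

# Host suffixes equivalent to the post's whitelist; the leading dot forces a
# label boundary, so a lookalike such as salesforce.com.example.net fails.
ALLOWED_HOST_SUFFIXES = (".salesforce.com", ".visual.force.com")
# Path must begin with the SOAP endpoint (match() anchors at the path start).
SOAP_PATH_RE = re.compile(r"/services/soap/(u|c)/", re.IGNORECASE)

# Sandbox URL quoted in the replies; the posted regex does not accept it.
SANDBOX_URL = "https://xxxx.dev.cs0.force.com/SS/services/Soap/u/15.0/00DT0000000FsaU"


def matches_post_regex(url: str) -> bool:
    """The original check: the posted pattern must cover the entire URL."""
    return SFDC_SOAP_RE.fullmatch(url) is not None


def is_sfdc_soap_endpoint(url: str) -> bool:
    """Parser-based variant: validate scheme, hostname and path separately."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # lower-cased, with userinfo and port removed
    if parts.scheme != "https" or parts.username is not None:
        return False
    if not any(host.endswith(suffix) for suffix in ALLOWED_HOST_SUFFIXES):
        return False
    return SOAP_PATH_RE.match(parts.path) is not None


if __name__ == "__main__":
    # Constructed sample URLs (instance names and org ids are made up).
    samples = [
        "https://na1.salesforce.com/services/Soap/u/15.0/00D000000000001",
        "https://na1.visual.force.com/services/Soap/c/15.0/",
        "http://na1.salesforce.com/services/Soap/u/15.0/",
        "https://salesforce.com.example.net/services/Soap/u/15.0/",
        SANDBOX_URL,
    ]
    for url in samples:
        print(f"{matches_post_regex(url)!s:5} {is_sfdc_soap_endpoint(url)!s:5} {url}")
```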