Surender

Enable CSRF protection on GET and POST requests - critical update

Hi,

We are in the process of enabling critical updates in our production environment. Before activating critical updates, we want to know what impact they might cause. I have found the review description for 'Enable CSRF protection on GET and POST requests', but can you elaborate on how this critical update impacts the environment? It would also be great to know which components/sections we need to check to avoid any impact from this critical update.

Regards
G.Surender
Ashish_SFDC
Hi Surender, 


Protects against Cross Site Request Forgery (CSRF) attacks by modifying non-setup pages to include a random string of characters in the URL parameters or as a hidden form field. With every GET and POST request, the application checks the validity of this string of characters and doesn’t execute the command unless the value found matches the value expected. This setting is selected by default for all organizations.

http://www.salesforce.com/us/developer/docs/securityImplGuide/Content/admin_sessions.htm

Secure Coding Cross Site Request Forgery

http://wiki.developerforce.com/page/Secure_Coding_Cross_Site_Request_Forgery


See the link below, which has a related discussion:

http://salesforce.stackexchange.com/questions/7574/cross-site-request-forgery-csrf


Regards,
Ashish
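The check described in the answer above (a random string carried as a URL parameter or hidden form field and validated on every GET and POST) can be sketched as follows. This is an added example, not Salesforce's implementation and not part of the original posts; the parameter name `csrf_token`, the session dictionary, the paths and the HMAC binding of the token to session and action are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

PARAM = "csrf_token"  # hypothetical parameter name (assumption)

def new_session():
    """Constructed session record with its own random signing key."""
    return {"id": secrets.token_hex(8), "key": secrets.token_bytes(32)}

def _mac(session, action, nonce):
    msg = f"{session['id']}|{action}|{nonce}".encode()
    return hmac.new(session["key"], msg, hashlib.sha256).hexdigest()

def issue_token(session, action):
    """Random nonce plus a MAC tying it to this session and action."""
    nonce = secrets.token_urlsafe(16)
    return f"{nonce}.{_mac(session, action, nonce)}"

def token_is_valid(session, action, token):
    if not token or "." not in token:
        return False  # missing or malformed token
    nonce, mac = token.split(".", 1)
    expected = _mac(session, action, nonce)
    # Compare as bytes, in constant time, so odd input cannot raise or leak.
    return hmac.compare_digest(mac.encode(), expected.encode())

def protected_url(session, action):
    """Link form: the token travels as a URL parameter (GET)."""
    return f"{action}?{urlencode({PARAM: issue_token(session, action)})}"

def hidden_field(session, action):
    """Form variant: the token travels as a hidden field (POST)."""
    token = issue_token(session, action)
    return f'<input type="hidden" name="{PARAM}" value="{token}">'

def handle(session, method, url, form=None):
    """Run the command only when the supplied token matches; else 403."""
    parts = urlsplit(url)
    if method == "GET":
        supplied = parse_qs(parts.query).get(PARAM, [None])[0]
    else:
        supplied = (form or {}).get(PARAM)
    if not token_is_valid(session, parts.path, supplied):
        return 403  # command is not executed
    return 200      # command would execute here

if __name__ == "__main__":
    s = new_session()
    print(handle(s, "GET", protected_url(s, "/account/delete")))  # token present
    print(handle(s, "GET", "/account/delete"))                    # token missing
```

In this sketch a link or form that reaches a protected action without a token generated for the current session and target is rejected.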