Lily Blunt

CSRF (Cross Site Request Forgery) in Salesforce?

Hi. I can see there is a setting in "Session Settings" that says CSRF prevention is done for all GET and POST requests. The setting is "Enable CSRF protection on GET requests on non-setup pages".
My question is: does this apply only to standard pages, or do all VF pages also get covered? Or is it the responsibility of a developer to implement CSRF functionality for a VF page?
VineetKumar
This setting only applies to non-setup Salesforce pages, meaning standard Salesforce pages that are not accessed from the Setup menu.
As a developer, you must handle CSRF for your VF page.

Referral link:
https://help.salesforce.com/htviewhelpdoc?id=admin_sessions.htm
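
To illustrate what handling CSRF on a Visualforce page can involve, here is an added example (not part of the original thread and not Salesforce's own code) contrasting a state change run from a page-load action with the same change made only through an `apex:form` postback. The controller name `AccountCleanupController`, its methods and the page markup in the comment are hypothetical.

```apex
/*
 * Constructed example; class, method and page names are hypothetical.
 *
 * Risky page: the action attribute runs on page load, so a plain GET
 * (for instance a link opened by a logged-in user) performs the delete.
 *
 *   <apex:page controller="AccountCleanupController" action="{!deleteOnLoad}"/>
 *
 * Safer page: no page-load action. The delete happens only when the user
 * submits an apex:form, which Visualforce posts back together with the
 * platform's anti-CSRF token.
 *
 *   <apex:page controller="AccountCleanupController">
 *     <apex:pageMessages/>
 *     <apex:form>
 *       <apex:outputText value="Delete {!target.Name}?"/>
 *       <apex:commandButton value="Delete" action="{!deleteConfirmed}"/>
 *     </apex:form>
 *   </apex:page>
 */
public with sharing class AccountCleanupController {
    public Account target { get; private set; }

    public AccountCleanupController() {
        // Reading ?id= and querying on GET is fine: nothing is modified here.
        Id accountId;
        try {
            accountId = Id.valueOf(ApexPages.currentPage().getParameters().get('id'));
        } catch (Exception e) {
            accountId = null; // missing or malformed id: nothing to show
        }
        List<Account> rows = [SELECT Id, Name FROM Account WHERE Id = :accountId LIMIT 1];
        target = rows.isEmpty() ? null : rows[0];
    }

    // Vulnerable pattern: wired to <apex:page action=...>, so DML runs on a GET.
    public PageReference deleteOnLoad() {
        if (target != null) { delete target; }
        return null;
    }

    // Hardened pattern: reachable only through the apex:form postback.
    public PageReference deleteConfirmed() {
        if (target == null || !Schema.sObjectType.Account.isDeletable()) {
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR, 'Nothing to delete or not permitted.'));
            return null;
        }
        delete target;
        target = null;
        return null;
    }
}
```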