Visualforce Developer's Guide by W.A.Chamil Madusanka

Cross-site request forgery (CSRF)

The Web does not, and cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. In effect, when a server receives a request, it cannot determine whether the request was initiated by a valid user or by an attacker, which can lead to privilege escalation or data theft.

The Force.com platform implements anti-CSRF protection in standard controllers. Each page includes a string of random characters as a hidden field. When the next page loads, that value is checked, and the command is executed only if it matches the expected value.
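The hidden-field check described above, as an added Python example; it is not code from the book or from the Force.com platform. The in-memory session store, the field name `csrf_token`, the form action and the single-use token policy are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed in-memory store: session id -> expected anti-CSRF token.
_SESSIONS = {}

def render_form(session_id):
    """Issue a random token, remember it server-side, embed it as a hidden field."""
    token = secrets.token_urlsafe(32)
    _SESSIONS[session_id] = token
    return (
        '<form method="post" action="/record/delete">'  # hypothetical action
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input type="submit" value="Delete"></form>'
    )

def handle_post(session_id, form_fields):
    """Execute the command only when the submitted token matches the expected one."""
    expected = _SESSIONS.get(session_id)
    submitted = form_fields.get("csrf_token", "")
    # Constant-time comparison on bytes; a missing token compares as empty.
    if expected is None or not hmac.compare_digest(
        expected.encode(), submitted.encode()
    ):
        return "403 rejected: missing or invalid anti-CSRF token"
    # Assumption of this example: tokens are single-use, so the next page
    # load must issue a new one.
    del _SESSIONS[session_id]
    return "200 command executed"

def extract_token(html):
    """Read the hidden field value, as a browser submitting the real form would."""
    marker = 'name="csrf_token" value="'
    start = html.index(marker) + len(marker)
    return html[start:html.index('"', start)]

def demo():
    sid = "session-A"  # constructed session id
    page = render_form(sid)
    # Request from another site: the session is attached, the token is not.
    forged = handle_post(sid, {"record": "001-constructed"})
    genuine = handle_post(sid, {"csrf_token": extract_token(page)})
    replay = handle_post(sid, {"csrf_token": extract_token(page)})
    return forged, genuine, replay

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

A request that carries the session but not the page's hidden value is rejected, which is the property a custom action loses when it runs without going through the token-protected form.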

The following code has bypassed the anti-CSRF controls in a custom method called ...
