Cross-domain session information is exchanged using a GET request instead of a POST request

Impact area

Security

Severity

Medium

Affected element

Org Config

Rule ID

SF-0164

Impact

Session data is exposed when cross-domain requests are made with GET. This is not the case with POST requests.


Remediation

Configure your Org to use POST requests when making cross-domain calls as described in this Salesforce documentation page.
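
The following check is an added example, not part of the original rule page or of Salesforce's documentation. It reads retrieved org metadata and reports whether cross-domain session exchange is set to POST. It assumes that the Metadata API field `enablePostForSessions`, under `sessionSettings` in `Security.settings-meta.xml`, is the setting this rule reports on; the sample XML is constructed.

```python
import sys
import xml.etree.ElementTree as ET

MD = "{http://soap.sforce.com/2006/04/metadata}"
# Assumption: this SessionSettings field is the setting rule SF-0164 reports on.
FIELD = "enablePostForSessions"

def cross_domain_session_method(xml_text):
    """Return 'POST', 'GET' or 'UNKNOWN' for one SecuritySettings document."""
    root = ET.fromstring(xml_text)
    if root.tag != MD + "SecuritySettings":
        raise ValueError("not a SecuritySettings file: " + root.tag)
    node = root.find(MD + "sessionSettings/" + MD + FIELD)
    if node is None or not (node.text or "").strip():
        return "UNKNOWN"  # field absent: confirm the value in Setup instead
    value = node.text.strip().lower()
    return {"true": "POST", "false": "GET"}.get(value, "UNKNOWN")

def needs_review(documents):
    """Map of name -> XML text in; sorted names not confirmed as POST out."""
    return sorted(name for name, xml_text in documents.items()
                  if cross_domain_session_method(xml_text) != "POST")

# Constructed sample inputs (not taken from a real org).
_TEMPLATE = ('<SecuritySettings xmlns="http://soap.sforce.com/2006/04/metadata">'
             "<sessionSettings>%s<sessionTimeout>TwoHours</sessionTimeout>"
             "</sessionSettings></SecuritySettings>")
SAMPLE_GET = _TEMPLATE % "<enablePostForSessions>false</enablePostForSessions>"
SAMPLE_POST = _TEMPLATE % "<enablePostForSessions>true</enablePostForSessions>"
SAMPLE_UNSET = _TEMPLATE % ""

if __name__ == "__main__":
    # Pass paths to Security.settings-meta.xml files, or run bare for the samples.
    docs = {}
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            docs[path] = fh.read()
    if not docs:
        docs = {"sample-get": SAMPLE_GET, "sample-post": SAMPLE_POST,
                "sample-unset": SAMPLE_UNSET}
    flagged = needs_review(docs)
    for name in flagged:
        print("%s: %s" % (name, cross_domain_session_method(docs[name])))
    sys.exit(1 if flagged else 0)  # non-zero exit lets a CI job fail on drift
```
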

Time to fix

30 min
