Cross-domain session information is exchanged using a GET request instead of a POST request
Impact area
Security
Severity
Medium
Affected element
Org Config
Rule ID
SF-0164
Impact
Session data is exposed when cross-domain requests are made with GET. This is not the case when they are made with POST.
Remediation
Configure your Org to use POST requests for cross-domain calls, as described in this Salesforce documentation page.
Time to fix
30 min
References
This rule is linked to Common Weakness Enumeration CWE-1021: Improper Restriction of Rendered UI Layers or Frames.