Cross-domain session information is exchanged using a GET request instead of a POST request

Impact area

Security

Severity

Medium

Affected element

Org Config

Rule ID

SF-0164

Impact

When a session identifier is passed from one Salesforce domain to another with a GET request, it is carried in the URL query string, so it can end up in browser history, proxy and web-server access logs, and the Referer header of any request that follows. A POST request carries the same value in the request body, where none of those channels record it.


Remediation

Enable the "Use POST requests for cross-domain sessions" option in your Org's Session Settings (Setup > Session Settings) so that cross-domain calls send session information in a POST body rather than in the URL, as described in this Salesforce documentation page.
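The check below is an added example, not part of this rule page or of Salesforce's own tooling. It runs the SF-0164 test against a retrieved Security.settings document (the Metadata API SecuritySettings type) and shows the weak setting beside the remediated one. It assumes the setting is exposed as the sessionSettings/enablePostForSessions element, which you should verify against your Metadata API version; the two settings documents are constructed for the example.

```python
"""Check a retrieved Salesforce Security.settings document for rule SF-0164
(cross-domain session information sent with GET instead of POST)."""
import xml.etree.ElementTree as ET

MD_NS = "http://soap.sforce.com/2006/04/metadata"
RULE_ID = "SF-0164"

# Constructed sample: a Security.settings-style document with the
# cross-domain POST option left disabled (the weak configuration).
# Assumption: the option is the enablePostForSessions element under
# sessionSettings in the Metadata API SecuritySettings type.
WEAK_SETTINGS = """<?xml version="1.0" encoding="UTF-8"?>
<SecuritySettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <sessionSettings>
        <enablePostForSessions>false</enablePostForSessions>
        <lockSessionsToDomain>true</lockSessionsToDomain>
        <sessionTimeout>TwoHours</sessionTimeout>
    </sessionSettings>
</SecuritySettings>
"""

# The same document with the remediation applied.
FIXED_SETTINGS = WEAK_SETTINGS.replace(
    "<enablePostForSessions>false</enablePostForSessions>",
    "<enablePostForSessions>true</enablePostForSessions>",
)


def post_for_sessions_enabled(settings_xml: str):
    """Return True or False for the flag, or None when the element is absent."""
    root = ET.fromstring(settings_xml)
    node = root.find(
        f"{{{MD_NS}}}sessionSettings/{{{MD_NS}}}enablePostForSessions"
    )
    if node is None or node.text is None:
        return None
    return node.text.strip().lower() == "true"


def check_sf_0164(settings_xml: str) -> list[str]:
    """Return a list of findings; an empty list means the Org is compliant."""
    state = post_for_sessions_enabled(settings_xml)
    if state is True:
        return []
    if state is None:
        # An absent element is not proof the option is on; flag it for review.
        return [f"{RULE_ID}: enablePostForSessions not present in "
                "sessionSettings; treat as disabled and verify in Session Settings"]
    return [f"{RULE_ID}: cross-domain session exchange uses GET "
            "(sessionSettings.enablePostForSessions = false); enable "
            "'Use POST requests for cross-domain sessions'"]


def fix_sf_0164(settings_xml: str) -> str:
    """Return the document with the flag set to true, adding it if missing."""
    ET.register_namespace("", MD_NS)
    root = ET.fromstring(settings_xml)
    session = root.find(f"{{{MD_NS}}}sessionSettings")
    if session is None:
        session = ET.SubElement(root, f"{{{MD_NS}}}sessionSettings")
    node = session.find(f"{{{MD_NS}}}enablePostForSessions")
    if node is None:
        node = ET.SubElement(session, f"{{{MD_NS}}}enablePostForSessions")
    node.text = "true"
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_SETTINGS), ("fixed", FIXED_SETTINGS)):
        print(label, check_sf_0164(doc) or "compliant")
    print("after fix", check_sf_0164(fix_sf_0164(WEAK_SETTINGS)) or "compliant")
```

Point the script at the Security.settings file from a metadata retrieve of your Org; the element is flagged when it reads false, and also when it is missing, since the check cannot distinguish an omitted element from an explicitly enabled one without querying the Org.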

Time to fix

30 min

References

This rule is linked to Common Weakness Enumeration CWE-1021 Improper Restriction of Rendered UI Layers or Frames.




Last modified on Dec 22, 2022