Cross-Site Request Forgery (CSRF) protection on GET requests on non-setup pages is disabled

Impact area

Security

Severity

Medium

Affected element

Org Config

Rule ID

SF-0157

Impact

Increased vulnerability to Cross-Site Request Forgery (CSRF) attacks.

Remediation

Enable this setting as described in this Salesforce knowledgebase article.

Time to fix

30 min

References

This rule is linked to Common Weakness Enumeration CWE-352 Cross-Site Request Forgery (CSRF).

Last modified on Oct 13, 2020