Cross-Site Request Forgery (CSRF) protection on GET requests on non-setup pages is disabled
Impact area: Security
Severity: Medium
Affected element: Org Config
Rule ID: SF-0157
Impact
Increased vulnerability to Cross-Site Request Forgery (CSRF) attacks.
Remediation
Enable this setting as described in this Salesforce knowledgebase article.
Time to fix: 30 min
References
This rule is linked to Common Weakness Enumeration CWE-352: Cross-Site Request Forgery (CSRF).