Salesforce.com : Data Access Control - 'Enable CSRF protection on GET requests on non-setup pages = true'

Information

This setting controls whether Cross-Site Request Forgery (CSRF) protection on GET requests on non-setup pages is enabled

Solution

Set the value of enableCSRFOnGet to true.

See Also

http://help.salesforce.com/help/pdfs/en/salesforce_security_impl_guide.pdf

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18

Plugin: Salesforce.com

Control ID: 4f3d162b0ee66b32184a3f1fccb2c2d784d4e1a4d05b8c1e5f089746bd261d57