    Why are Visualforce pages served from a different domain?

    Hello Anurag,

    If we look carefully, all our Visualforce pages are served from a URL like “c.YOURSERVER.visual.force.com/apex/YOURPAGENAME”.
    Because of this, most of the time we run into a Same-Origin Policy error in JavaScript if we try to access the parent page from an iframe. The following reason was explained by one of the Salesforce evangelists:

    “The move to separate domains has one very specific purpose: leverage the browser security model (same domain policy) to protect our customers and the salesforce.com service from cross-site scripting and cross-site request forgery attacks.

    Moving to the serving pages from separate domains is a critical component of our ongoing commitment to ensure the highest level of security and availability for everyone.

    In the world where everything is served from the same domain any custom page that you visit had full access to any other page in your org and also any page served from salesforce.com itself. This included potentially malicious code that was installed as part of a force.com package.”
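
The isolation described in the reply above, as an added example that is not part of the original post or Salesforce's own code: it compares origins the way the browser does and shows a parent-page `message` handler that accepts `postMessage` data only from an allow-listed Visualforce origin. The hostnames, the `resize` message shape and all function names are constructed for illustration.

```javascript
// Constructed placeholder URLs (assumptions), modelled on the pattern in the post.
const VF_PAGE = "https://c.yourserver.visual.force.com/apex/YOURPAGENAME";
const PARENT_PAGE = "https://yourserver.salesforce.com/";

// An origin is the (scheme, host, port) tuple; URL.origin serialises it.
function originOf(url) {
  return new URL(url).origin;
}

// The same-origin check the browser applies before allowing direct DOM access
// between a frame and its parent.
function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Build a "message" event handler for the parent page. Only exact origin
// matches are accepted: no substring, suffix or wildcard comparison.
function makeMessageHandler(allowedUrls, onMessage) {
  const allowed = new Set(allowedUrls.map(originOf));
  return function handle(event) {
    if (!allowed.has(event.origin)) return false;           // unknown sender
    const data = event.data;
    if (typeof data !== "object" || data === null) return false;
    if (typeof data.type !== "string") return false;        // unexpected shape
    onMessage(data);
    return true;
  };
}

// Constructed events standing in for what window.addEventListener("message", ...)
// would deliver in a browser.
function demo() {
  const received = [];
  const handler = makeMessageHandler([VF_PAGE], (m) => received.push(m));
  const vf = "https://c.yourserver.visual.force.com";
  const results = [
    handler({ origin: vf, data: { type: "resize", height: 400 } }),       // accepted
    handler({ origin: vf + ".example.net", data: { type: "resize" } }),   // lookalike host
    handler({ origin: vf.replace("https:", "http:"), data: { type: "resize" } }), // wrong scheme
    handler({ origin: vf, data: "resize" }),                              // wrong shape
  ];
  return { results, received };
}

console.log("VF page same-origin with parent:", sameOrigin(VF_PAGE, PARENT_PAGE));
console.log("handler decisions:", demo().results);
```

In a browser the parent would register the handler with `window.addEventListener("message", handler)`, and the framed page would pass the parent's exact origin as the second argument to `window.parent.postMessage` rather than `"*"`.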

