- August 9, 2018 at 3:11 pm #31407
Why are Visualforce pages served from a different domain?
Why are Visualforce pages served from a different domain?August 10, 2018 at 6:48 am #31473Avnish Yadav #1
If we see carefully, all our Visualforce pages are served like “c.YOURSERVER.visual.force.com/apex/YOURPAGENAME” ,
“The move to separate domains has one very specific purpose: leverage the browser security model (same domain policy) to protect our customers and the salesforce.com service from cross-site scripting and cross-site request forgery attacks.
Moving to the serving pages from separate domains is a critical component of our ongoing commitment to ensure the highest level of security and availability for everyone.
In the world where everything is served from the same domain any custom page that you visit had full access to any other page in your org and also any page served from salesforce.com itself. This included potentially malicious code that was installed as part of a force.com package.”
Please Register to reply to this topic. /