Activity Forums Salesforce® Discussions Why are Visualforce pages served from a different domain?

  • Avnish Yadav

    Member
    August 10, 2018 at 6:48 am

    Hello Anurag,

    If we see carefully, all our Visualforce pages are served like “c.YOURSERVER.visual.force.com/apex/YOURPAGENAME” ,
    And because of this most of time, we run into Same-Origin Policy error in Javascript if we try to access parent page from Iframe. Following reason is explained by one of the evangelists of Salesforce:

    “The move to separate domains has one very specific purpose: leverage the browser security model (same domain policy) to protect our customers and the salesforce.com service from cross-site scripting and cross-site request forgery attacks.

    Moving to the serving pages from separate domains is a critical component of our ongoing commitment to ensure the highest level of security and availability for everyone.

    In the world where everything is served from the same domain any custom page that you visit had full access to any other page in your org and also any page served from salesforce.com itself. This included potentially malicious code that was installed as part of a force.com package.”

    Thanks.

Log In to reply.

Popular Salesforce Blogs

Popular Salesforce Videos