In one of my previous post I told how to redirect to standard salesforce classic and why. To give you the recap .
// ================ This is not recommended ===========
// ================ This is not recommended ===========
public
PageReference customsave() {
try
{
insert acct;
}
catch
(DMLException e) {
/*do stuff here*/
}
PageReference acctPage =
new
PageReference (
'/'
+ acct.id};
acctPage.setRedirect(
true
);
return
acctPage;
}
//========== Recommended way is =======
public
PageReference customsave() {
insert acct;
//Error handling removed for brevity. ALWAYS try/catch!
ApexPages.StandardController sc =
new
ApexPages.StandardController(acct);
PageReference acctPage = sc.view();
acctPage.setRedirect(
true
);
return
acctPage;
}
In salesforce we have a critical update ticking for another issue where we return the visualforce page reference.
Now it has two security restriction.
Now it has two security restriction.
- With HYPERLINK see here
- Returning /apex/page as page reference, Require CSRF Protection on GET requests
When this option is enabled for a Visualforce page, you can’t access that page by entering its URL—/apex/PageName—and plain links to that page using <a> tags don’t work.
Plain links from a page with CSRF checks work, but links to the page do not. For example, if your page has the name PageName, the link <a href="/apex/PageName">Link</a> doesn’t work. Instead, use the URLFOR() formula function, the $Page global variable, or the apex:outputLink component.
<apex:outputLink value="/apex/PageName">Link using apex:outputlink</apex:outputlink>
<a href="{!$Page.PageName}">Link using $Page</a>
<a href="{!URLFOR($Page.PageName)}">Link using URLFOR()</a>
CSRF checks on GET requests also affect how Visualforce pages are referenced from Apex controllers. Methods that return the URL of CSRF-protected pages for the purpose of navigation don’t work:
public String getPage(){
return '/apex/PageName';
}
Instead, use methods that return a reference to the Visualforce page instead of the URL directly.
public class customController {
public PageReference getPage() {
return new PageReference('/apex/PageName');
}
public PageReference getPage1() {
return Page.PageName;
}
}
When you use one of these methods to link to a page, Visualforce adds the required CSRF token to the URL. These are the preferred methods for linking to Visualforce pages, regardless of whether CSRF protection is enabled for the page. These are the only methods available for adding a CSRF token to a URL for a Visualforce page.