Wednesday, May 10, 2017

PAGEREFERENCE BEST PRACTICE

In one of my previous post I told how to redirect to standard salesforce classic and why. To give you the recap .

 // ================ This is not recommended ===========
public PageReference customsave() {
    try{
        insert acct;
    } catch (DMLException e) {
        /*do stuff here*/
    }
    PageReference acctPage = new PageReference ('/' + acct.id};
    acctPage.setRedirect(true);
    return acctPage;
}

//========== Recommended way is =======

public PageReference customsave() {
    insert acct; //Error handling removed for brevity. ALWAYS try/catch!
    ApexPages.StandardController sc = new ApexPages.StandardController(acct);
    PageReference acctPage = sc.view();
    acctPage.setRedirect(true);
    return acctPage;
}

In salesforce we have a critical update ticking for another issue where we return the visualforce page reference.
Now it has two security restriction.

  1. With HYPERLINK see here
  2. Returning /apex/page as page reference, Require CSRF Protection on GET requests
When this option is enabled for a Visualforce page, you can’t access that page by entering its URL—/apex/PageName—and plain links to that page using <a> tags don’t work.
Plain links from a page with CSRF checks work, but links to the page do not. For example, if your page has the name PageName, the link <a href="/apex/PageName">Link</a> doesn’t work. Instead, use the URLFOR() formula function, the $Page global variable, or the apex:outputLink component.
<apex:outputLink value="/apex/PageName">Link using apex:outputlink</apex:outputlink>
<a href="{!$Page.PageName}">Link using $Page</a>
<a href="{!URLFOR($Page.PageName)}">Link using URLFOR()</a>
CSRF checks on GET requests also affect how Visualforce pages are referenced from Apex controllers. Methods that return the URL of CSRF-protected pages for the purpose of navigation don’t work:
public String getPage(){
  return '/apex/PageName'; 
}
Instead, use methods that return a reference to the Visualforce page instead of the URL directly.

public class customController {
    public PageReference getPage() {
    return new PageReference('/apex/PageName'); 
  }

  public PageReference getPage1() {
    return Page.PageName; 
  }
}


When you use one of these methods to link to a page, Visualforce adds the required CSRF token to the URL. These are the preferred methods for linking to Visualforce pages, regardless of whether CSRF protection is enabled for the page. These are the only methods available for adding a CSRF token to a URL for a Visualforce page.
at

2 comments:

  1. ngoem199August 14, 2017 at 9:05 PM

    To make yourselves available FNAF Friv Friv Games Thank you both for sharing Holy Mass with us each day Friv Games Twizl Juegos De FNAF when we were called out late at night and any other time and for your support and encouragement in every respect. Friv 2021 Twizl Juegos Yepi Juegos Twizl Thank you for sharing with me a few of your ideas regarding the possibility.
    .

    ReplyDelete
  2. Hannah BakerSeptember 20, 2017 at 5:19 AM

    Thank you for your post. Hawkscode Uk is the leading IT service provider. Hawkscode Uk provides web design london services.

    ReplyDelete

Subscribe to: Post Comments (Atom)

Tips on passing Salesforce AI Associate Certification

  🌟 Motivation to Pursue the Salesforce AI Associate Certification 🌟 The world of technology is in a state of perpetual evolution, and on...