Salesforce Chrome Update

Follow these simple steps to maintain productivity and reduce the problematic impacts of the Salesforce Chrome Update.
February 7, 2020

Salesforce Chrome Update

Attention all Google Chrome and Salesforce users, prepare for the Salesforce Chrome update. Coming February of 2020, Google will be releasing an update deemed Google Chrome 80. As a result, changing the behavior of cookies within your browser. Not a Chrome user? Keep reading because Mozilla Firefox and Microsoft Edge are following suit in the coming months.

So, how will the change affect your Salesforce organization? What do you need to do to counteract the impact? Your dependable team at Silo Connectors is here to keep you on track.

Impacts of Salesforce Chrome Extension Update

Google Chrome 80 will have the largest impact on non-secured (http) web browsers. Cookies will no longer work for cross-site, HTTP access (http). Instead, it will require secured access (https). Cross-site communication, also known as third-party, is when the address associated with a cookie does not match the address of the user website. A less obvious situation arises when an organization owns multiple websites and uses cookies across these websites. Although they are owned by the same organization, it is still considered a cross-site /third-party communication.

Secondly, the update can affect any custom Salesforce integration that relies on cookies. The change particularly affects but is not limited to cross-domain communication and integrations that use iframes.

Be sure to check and double-check that integrations are functioning properly in Chrome after the update.

The Purpose of the Browser Updates

According to Google, here is why changes are being made:

"SameSite is a reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks, but developers currently need to opt-in to its protections by specifying a SameSite attribute. In other words, developers are vulnerable to CSRF attacks by default. This change would allow developers to be protected by default while allowing sites that require state in cross-site requests to opt-in to the status quo’s less-secure model."

How to Prepare for the Salesforce Chrome Update

Be sure not to let Chrome 80 disrupt productivity within your Salesforce platform. Stay ahead of any potential impacts of the update by requiring https access to your org. To require https access in your org, ensure that the following Session Settings are enabled:

  • Require secure connections (HTTPS)
  • Require secure connections (HTTPS) for all third-party domains.

To get to Session Settings navigate to Settings. Then, type “sessions” in the Quick Find box and click the Session Settings.

Session Settings Image

Require HTTPS Image

If either is disabled, your Salesforce org may not be fully functional for Chrome users after the release and possibly the future releases of other web browsers.

Additionally, test any custom Salesforce integrations your org owns that rely on cookies owned and set by the integration. Testing can be done in a Spring '20 sandbox or in a pre-release org. If any regressions are found, update the SameSite attribute on cookies used for cross-site communication to explicitly set SameSite=None; Secure.

Learn more about testing the effects of these changes in the Chromium Blog post Google recently released.

Need help? Get On-Demand access to our team of Certified Salesforce Experts whenever you need it.

map-markertwitter-squarelinkedin-squarephoneenvelopeyoutube-square