Salesforce Chrome Update
Attention all Google Chrome and Salesforce users, prepare for the Salesforce Chrome update. Coming February of 2020, Google will be releasing an update deemed Google Chrome 80. As a result, changing the behavior of cookies within your browser. Not a Chrome user? Keep reading because Mozilla Firefox and Microsoft Edge are following suit in the coming months.
So, how will the change affect your Salesforce organization? What do you need to do to counteract the impact? Your dependable team at Silo Connectors is here to keep you on track.
Impacts of Salesforce Chrome Extension Update
Secondly, the update can affect any custom Salesforce integration that relies on cookies. The change particularly affects but is not limited to cross-domain communication and integrations that use iframes.
Be sure to check and double-check that integrations are functioning properly in Chrome after the update.
The Purpose of the Browser Updates
According to Google, here is why changes are being made:
"SameSite is a reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks, but developers currently need to opt-in to its protections by specifying a SameSite attribute. In other words, developers are vulnerable to CSRF attacks by default. This change would allow developers to be protected by default while allowing sites that require state in cross-site requests to opt-in to the status quo’s less-secure model."
How to Prepare for the Salesforce Chrome Update
Be sure not to let Chrome 80 disrupt productivity within your Salesforce platform. Stay ahead of any potential impacts of the update by requiring https access to your org. To require https access in your org, ensure that the following Session Settings are enabled:
- Require secure connections (HTTPS)
- Require secure connections (HTTPS) for all third-party domains.
To get to Session Settings navigate to Settings. Then, type “sessions” in the Quick Find box and click the Session Settings.
If either is disabled, your Salesforce org may not be fully functional for Chrome users after the release and possibly the future releases of other web browsers.
Additionally, test any custom Salesforce integrations your org owns that rely on cookies owned and set by the integration. Testing can be done in a Spring '20 sandbox or in a pre-release org. If any regressions are found, update the SameSite attribute on cookies used for cross-site communication to explicitly set SameSite=None; Secure.
Learn more about testing the effects of these changes in the Chromium Blog post Google recently released.