There are other important changes in the Service Cloud.
- Change to Prevent Self-Service Portal Pages from Redirecting to Non-Salesforce Domains
- To align with our security best practices, the Winter ’15 release includes a change that
prevents Self-Service Portal pages from redirecting to non-Salesforce domains. This action
will eliminate the risk of users unknowingly being diverted to sites by an unauthorized
third party.This update is designed to protect users from potential phishing threats and ensure redirect behavior in the Self-Service Portal is consistent with redirect behavior in the rest of the Salesforce Platform. With the Winter ’15 release, external redirects in the Self-Service Portal will result in the following error message:
“Invalid Page Redirection: The page you attempted to access has been blocked due to a redirection to an outside website or an improperly coded link or button. Please contact your salesforce.com Administrator for assistance.”To prevent any disruption to your service, you must review any implemented pages and remove all instances of redirections to non-Salesforce pages. The following URL redirection parameters are subject to this new behavior in the Self-Service Portal for external URLs:
To direct users to an external website from the Self-Service Portal, we recommend the following options:
- Update your links to point directly to the intended website. For example, change <a href = "https://na1.salesforce.com/sserv/portal.jsp?retURL=http://company.com"> to <a href = "http://company.com">.
- Use Visualforce and Apex to recreate the intended process. For more information on developing redirects, refer to the Apex PageReference documentation.