Require Secure HTTPS Connections (Critical Update)

As part of updates related to Google Chrome’s SameSite cookie changes, HTTPS connections are required to access Salesforce. HTTP connections are no longer permitted. This update enables the Require secure connections (HTTPS) setting on the Session Settings Setup page and prevents it from being disabled. The Require secure connections (HTTPS) for all third-party domains setting isn’t affected by this update.

Where: This change applies to Lightning Experience, Salesforce Classic, and all versions of the Salesforce app in all editions.

When: This critical update is activated automatically on January 30, 2020 in sandboxes and May 1, 2020 in production orgs.

How: We recommend that you test this update in a sandbox or Developer Edition org before enabling it in your Salesforce production org. Ensure that your environment is setup to support HTTPS connections and update all bookmarks and links with the HTTP prefix before the auto-activation date.

To activate this critical update before the auto-activation date, from Setup, in the Quick Find box, enter Critical Updates, then select Critical Updates. For Require Secure HTTPS Connections, click Activate.



If you don’t see this critical update, the Require secure connections (HTTPS) setting is already enabled in your org and no action is required.