Vote 180  points

Invoking Apex code from the standard Entity Details pages with CSRF protection

Salesforce Platform, Apex & Visualforce, Customization, User Experience

Under Point Threshold

There is currently no way to invoke Apex code directly from the standard Opportunity Details page that is CSRF protected when using a custom button. Instead the user needs to be redirected to a separate Visualforce page to press another button in a form or the entire Opportunity Details page gets replaced with a Visualforce page override and the button added to a form there.


One possible solution would be to have an option on custom buttons that will render them in HTML within a form and then utilize the inbuilt post back protection.

3 years ago · 4 Comments ·Merge Idea · Report Abuse

1 to 4 of 4



from AppExchange


Help us to keep IdeaExchange clean by pointing out overlapping ideas. We'll investigate your suggestion and merge the ideas if it makes sense.



Thanks for your merge suggestion. We will review it shortly and merge the ideas if applicable. takes abuse situations very seriously. Examples of abuse include but are not limited to posting of offensive language or fraudulent statements. To help us process your request as quickly as possible, please fill out the form below describing the situation. For privacy and security reasons, the final outcome of an abuse case may not be revealed to the person who reported it.


Thank you for your feedback. We take abuse seriously and will investigate this issue and take appropriate action.