Orphaned CronJobDetail records breaking Scheduled Jobs in Salesforce Summer ’17

For the second year in a row, we’re lucky to be among the first to discover a problem with the summer release of Salesforce, and have that problem become a known issue. Last year LightningLockerServices Critical Update.

What’s the problem?

I’m witnessing an issue in a sandbox we recently refreshed. We’re running a vendor product on top of Salesforce (this issue will still affect you, even if you’re not running the same app). Within the app’s admin panel, I’m trying to start something called ‘Scheduler’, which corresponds to a Salesforce scheduled apex job. However, this job never starts, and no error is gets displayed.

So, something doesn’t work, and we’ve got no leads to follow. That’s where the fun begins!

Continue reading “Orphaned CronJobDetail records breaking Scheduled Jobs in Salesforce Summer ’17”

Too Clever By Half – In Support Of Paired Programming

If you’re like me – a developer who is sometimes too clever by half – you’ll relate to this story.

I just made some changes to a Javascript file in a static resource and when I deployed this from dev to our QA environment, I couldn’t see the fix.  After confirming the file did in fact update by checking its metadata I did a hard cache refresh and…I still couldn’t see my changes.

This went on for a while, and I deliberately explained every step to my rubber ducky.  Each time, I could see the static resource was updating in the Salesforce environment but I wasn’t able to see my changes when I accessed the page.

This drove me nuts.  I hadn’t seen this issue before, and before long I started requesting sanity checks from my coworkers.

“Am I going crazy and missing something, or do we have gremlins in here?”

Continue reading “Too Clever By Half – In Support Of Paired Programming”

Formatting or Parsing Date & DateTime in Salesforce

Over my career I’ve done a number of things, from ColdFusion then developing printer drivers, to .NET, PHP, Dynamics CRM, and now Salesforce, while playing around with things like python and android development in my spare time.  I’m not sure why, but I’ve never had as much of a problem with Date Formats anywhere else as I have with Salesforce.

Continue reading “Formatting or Parsing Date & DateTime in Salesforce”

A Neat Trick For Deploying Security Settings in Change Sets

Have you ever used a change set to deploy, only to find things like record types, field level security, or object access didn’t carry over to production? I came across a neat trick over the weekend that I wanted to pass on.

Continue reading “A Neat Trick For Deploying Security Settings in Change Sets”

Getting MavensMate, Github, & Salesforce to all play nicely

There’s been some confusion lately within my network about how to setup MavensMate, Github, and Salesforce so that they all hold hands together.

What does this look like?  I want a MavensMate project folder that doubles as a local Git project folder.

Continue reading “Getting MavensMate, Github, & Salesforce to all play nicely”

Prepare for Critical Update: Clickjack Protection for Legacy Browsers for Visualforce Pages Without Page Header

In about a weeks time, a Critical Update called Clickjack Protection for Legacy Browsers for Visualforce Pages Without Page Header (Critical Update) will come into effect. This CU extends clickjack protection for legacy version browsers for Visualforce pages that set showHeader="false"  when those pages are configured on API versions older than 27.0.

Clickjack protection is added to VF pages through several security settings, and two of them are affected by this CU:

  • Setup | Security | Session Settings > “Enable clickjack protection for customer Visualforce pages with headers disabled” enables clickjack protection on an org’s Visualforce pages that set the page’s showHeader attribute to false; and
  • Setup | Develop | Sites > “Clickjack Protection Level” enables clickjack protection for Visualforce pages displayed in Force.com Sites.

While the X-Frame-Options HTTP header protects most browsers from clickjack attacks, older versions of IE, for example, don’t respect that header. Some HTML and JavaScript code are therefore added to the page to extend this clickjack protection to older browsers.

Here’s the problem. When you set the Visualforce page’s showHeader attribute to false, VF pages with API version 26.0 and earlier don’t include the necessary HTML and JavaScript to protect legacy browsers from clickjack attacks. This protection is omitted even when the org or the site is configured to include that clickjack protection!

That’s where the CU comes in – it ensures that the expected html markup and JavaScript code are placed on the Visualforce page regardless of its API version, making all pages compliant with the org’s clickjack protection settings.

Figure out which pages are affected:

Navitage to Settings | Develop | Visualforce Pages. Create a new view to show pages whose API version is ‘less or equal’ to 26.0, save it and run it. If you have no pages listed in here, you’re good!

If you have results, you need to make sure your pages are compliant. Open each Visualforce page. If the page’s contentType attribute is not "text/html"  or "text/xhtml" , the page is fine. Check the next.

Specifically, you’re going to be looking for pages that have showHeader  attribute set to false.

If the page has a hardcoded <head>  attribute, this page is likely to have problems. To resolve, manually hardcode a static <html>  and <body> tag in the page, and set the applyHtmlTag  and applyBodyTag  attributes of <apex:page>  to false.

When you activate the CU on a sandbox you’re going to want to test every page, but pay special attention to those that fall into the last category.

Salesforce File Type Security – Change PDF Behaviour To Download or Open In Browser

I learned something today I probably should have already known.  We have a number of PDF reports that used to download when the links were clicked, but were now opening up in the browser.  I started playing with the VF Page to alter this behaviour but soon discovered there’s actually a Salesforce setting that controls how different file types are handled.

Continue reading “Salesforce File Type Security – Change PDF Behaviour To Download or Open In Browser”