Unwanted "open" CXS site pages

We would like to inform you that you might unintentionally be sharing information publicly that you would rather keep in-house. The goal of this article is to make you aware of what information you share and, if desired, how to make sure that information is no longer publicly shared.

The following information might be unintentionally shared: Company name, Contact info and Hiring manager. This information can appear on two different Visualforce pages: cxsrec__cxsSearch and cxsrec__cxsSearchDetail. There are two ways to make sure the information is no longer publicly shared:

  1. Remove the fields with confidential information from the pages
  2. Disable these pages for the Site user to make them inaccessible for the outside world

Please note, it may be desirable to have those pages accessible for the outside world, for example to share jobs with candidates or when using the Supplier Portal. Do not disable the pages for the Site user if you use them, but remove the fields from the fieldsets used on those pages. The fieldsets that are used for these two pages are not used on the Supplier Portal, so removing fields from the fieldsets will have no impact on the fields shown in the Supplier Portal.

Are the pages publicly accessible?

To check if the pages are accessible for the outside world, follow the steps below:

  1. Go to Salesforce Setup;
  2. Search in the Quick Find / Search Box for "Sites" and click on it;
  3. Copy the Site URL, paste it in a new incognito window/browser and add /cxsrec__cxsSearch to the URL (you must not be logged in to Salesforce in that browser);
  4. If a page opens without any error, this page is accessible from the outside (see image below);
  5. On that page you can click on a job, which will open the cxsrec__cxsSearchDetail page, so you can check if that page is publicly accessible as well.

       cxs_openstaan.png
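
The same check can be scripted, which helps when you have several active Sites. The Python below is an added example, not part of the original article or of Connexys: it requests both pages without a Salesforce session and reports whether the field names listed above appear in the response. The label spellings and the way a disabled page answers (non-200 status or a redirect) are assumptions.

```python
import sys
import urllib.error
import urllib.request

# Page names and field names are the ones listed in the article. The label
# spellings are an assumption: adjust them to what your fieldsets render.
PAGES = ("cxsrec__cxsSearch", "cxsrec__cxsSearchDetail")
LABELS = ("Company name", "Contact info", "Hiring manager")

def page_url(site_url, page):
    return site_url.rstrip("/") + "/" + page

def assess(page, status, final_url, body):
    """Classify one response obtained without a Salesforce session."""
    # Assumption: a disabled page answers with a non-200 status or a redirect
    # to another page (for example the site's home or error page).
    served = status == 200 and page.lower() in final_url.lower()
    found = [l for l in LABELS if served and l.lower() in body.lower()]
    if not served:
        verdict = "not publicly served"
    elif found:
        verdict = "public, confidential fields visible"
    else:
        verdict = "public, none of the listed fields found"
    return {"page": page, "verdict": verdict, "fields": found}

def fetch(url, timeout=10):
    """GET without cookies or credentials, like the incognito window in step 3."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.geturl(), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.url, ""

def check_site(site_url, fetcher=fetch):
    # The detail page is normally opened from a job on the search page, so a
    # request without a job may show an error even when the page is enabled.
    return [assess(p, *fetcher(page_url(site_url, p))) for p in PAGES]

if __name__ == "__main__":
    if len(sys.argv) > 1:      # your own Site URL, copied from Setup > Sites
        results = check_site(sys.argv[1])
    else:                      # constructed responses, no network access
        fake = lambda u: (200, u, "<th>Hiring manager</th>") if u.endswith("Search") else (401, u, "")
        results = check_site("https://example.invalid/jobs", fake)
    for r in results:
        print(r["page"], "->", r["verdict"], r["fields"])
```

Run it with your own Site URL as the only argument; without an argument it prints the result for the constructed responses.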

 

Remove fields from the Fieldsets

  1. Navigate to the Connexys Setup
  2. Click on Media channels (under Advanced setup) and open the applicable media channel(s)
  3. Check which fieldsets are used in the fields Job search fieldset and Job detail fieldset
  4. Navigate to these fieldsets on the Job object and remove the confidential fields like Company name and Contact info (see the image below for an example of the Job Detail site)

        cxsopen.png

 

Disable the pages for the Site user

You can change the default Active Site Home Page so that it no longer points to the default pages but redirects to your own website or to an empty Visualforce page (steps 3, 4 and 5). This is not necessary for disabling the Visualforce pages for the Site user, so steps 3, 4 and 5 are optional; the other steps are required if you want to disable the pages.

        Change the Active Site Home Page, Disable the Pages and Change the Permission Set

  1. Go to Salesforce Setup;
  2. Search in the Quick Find / Search Box for "Sites" and click on it;
  3. Click on "Edit" under Action next to the Site Label;
  4. Here you can choose another "Active Site Home Page", for example your own website or a Visualforce page named FileNotFound;
  5. Click on Save;
  6. Open the Site by clicking on the Site Label (if you have more than one active Site, you will need to repeat this for every active Site);
  7. Click on the button "Public Access Settings" on top of the page and scroll to the section Enabled Visualforce Page Access (or click on the quick link on top of the page) and click on "Edit";

    Visualforce_Page_Access.png
  8. Remove the cxsrec.cxsSearch and cxsrec.cxsSearchDetails from the Enabled Visualforce Pages by moving them to the Available Visualforce Pages (see image above) and click on "Save";
  9. Go back to the top of the page and click on the button "View Users";
  10. Open the link below "Full Name" and check if a Permission Set is assigned to the Site User in the related list Permission Set Assignments. If a Permission Set is assigned, please continue with the next steps, otherwise you can skip the next steps;
  11. Click on the "Permission Set Label" and clone the Permission Set;
  12. Open the cloned Permission Set and remove cxsrec.cxsSearch and cxsrec.cxsSearchDetails from the Enabled Visualforce Pages by moving them to the Available Visualforce Pages under the Visualforce Page Access and click on "Save";
  13. Assign the cloned Permission Set to the Site user and remove the other Permission Set from this user.

 