• bigheadzach

    (@bigheadzach)


    In light of a security memo sent out on Mar 8 (https://help.salesforce.com/s/articleView?id=000364239&type=1), it appears that the go.pardot.com domain will no longer function as a source for IFRAME embeds as of April 22.

    Since this plugin rewrites IFRAME src URLs *specifically* to go.pardot.com, should it account for this change?

    For the moment, I’ve personally disabled the method that performs the rewrite, but wanted to make sure everyone was notified of this.

Viewing 3 replies - 1 through 3 (of 3 total)
  • melinauhlig

    (@melinauhlig)

    We are also concerned about this change and would therefore like to know if and when an adjustment of the Pardot plugin is planned.

    @bigheadzach, how did you disable the method that performs the rewrite? Maybe this is a first option for us too until the plugin is updated.

    Thread Starter bigheadzach

    (@bigheadzach)

    In the file /wp-content/plugins/pardot/includes/pardot-plugin-class.php, there are three references to the method convert_embed_code_https() on lines 646, 752, and 983. I have commented those out, which leaves the IFRAME’s original SRC attribute value unchanged. Note that this still requires the Pardot account owner to modify their forms (which are made available via this plugin) to be housed on a different domain than go.pardot.com, to avoid being affected by the security update on April 22.
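To check whether a site is still affected after the change described above, one option is to scan the rendered page HTML for IFRAME embeds whose host is still go.pardot.com. The following is an added example, not part of the original posts and not the plugin's code; the function names, the sample pages and the go.example.com custom domain are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

LEGACY_HOST = "go.pardot.com"  # the domain named in this thread


class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> in a document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def iframe_host(src):
    """Host of an iframe src, lower-cased; None for relative URLs."""
    # urlsplit also handles protocol-relative URLs ("//host/path").
    host = urlsplit(src).hostname
    return host.rstrip(".") if host else None


def find_legacy_embeds(documents):
    """documents: {label: rendered HTML}. Returns [(label, src)] on LEGACY_HOST."""
    findings = []
    for label, html in documents.items():
        collector = IframeCollector()
        collector.feed(html)
        collector.close()
        # Exact host comparison, so look-alike hosts and plain text do not match.
        findings += [(label, s) for s in collector.sources
                     if iframe_host(s) == LEGACY_HOST]
    return findings


# Constructed sample input: rendered HTML keyed by a hypothetical page label.
SAMPLE_PAGES = {
    "contact": '<iframe src="https://go.pardot.com/l/000000/abc" width="100%"></iframe>',
    "newsletter": '<IFRAME SRC="//GO.PARDOT.COM/l/000000/def"></IFRAME>',
    "demo": '<iframe src="https://go.example.com/l/000000/ghi"></iframe>',
    "lookalike": '<iframe src="https://go.pardot.com.example.net/l/1"></iframe>',
    "text-only": "<p>Forms used to live on go.pardot.com</p>",
}

if __name__ == "__main__":
    for label, src in find_legacy_embeds(SAMPLE_PAGES):
        print(f"{label}: {src}")
```

Run it against the HTML the site actually serves rather than the stored post content, since the rewrite happens in the plugin at render time.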

    melinauhlig

    (@melinauhlig)

    Thank you very much for sharing this quick fix.

    However, it would be very helpful if the plugin developers could comment on the upcoming change here and let us know if and when a corresponding update of the plugin is planned.

  • The topic ‘Switching to custom domain (go. subdomain security update)’ is closed to new replies.