DocuSign eSignature for Salesforce 7.0 Custom Button Error - This page requires a CSRF confirmation token, New button code format

Starting in DocuSign eSignature for Salesforce 7.0 there will be a new requirement for custom button page callout or window.location.href value. This is to support the latest Salesforce security updates.

The error you'll see if you don't update this is as follows:

Error in Custom Button

Error text: "The link you followed isn’t valid. This page requires a CSRF confirmation token. Report this error to your Salesforce administrator."

The new Salesforce security requirement we're complying with is an extra layer of security to our Visualforce pages that guards against cross-site request forgery (CSRF).

Solution

To support the latest Salesforce security updates, custom button formats MUST be updated to URLFOR format.

***URLFOR works with URL custom buttons in 6.9 if customers want to also test out prior to moving to 7.0.***

An example button transition could be:


Classic Javascript example:


{!REQUIRESCRIPT("/apex/dsfs__DocuSign_JavaScript")}
//********* Option Declarations (Do not modify )*********//
var RC = '';var RSL='';var RSRO='';var RROS='';var CCRM='';var CCTM='';var CCNM='';var CRCL='';var OCO='';var DST='';var LA='';var CEM='';var CES='';var STB='';var SSB='';var SES='';var SEM='';var SRS='';var SCS ='';var RES='';
//*************************************************//

OCO = 'Tag';
DST = 'a2e2cd02-f11e-4c8c-a830-c9f2b6564a9e';
LA = '0';
LF = '0';
CCRM = 'Decision Maker~Signer 1';
CCTM = 'Decision Maker~Signer';

//********* Page Callout (Do not modify) *********//
window.location.href = "/apex/dsfs__DocuSign_CreateEnvelope?DSEID=0&SourceID={!Opportunity.Id}&RC="+RC+"&RSL="+RSL+"&RSRO="+RSRO+"&RROS="+RROS+"&CCRM="+CCRM+"&CCTM="+CCTM+"&CRCL="+CRCL+"&OCO="+OCO+"&DST="+DST+"&CCNM="+CCNM+"&LA="+LA+"&CEM="+CEM+"&CES="+CES+"&SRS="+SRS+"&STB="+STB+"&SSB="+SSB+"&SES="+SES+"&SEM="+SEM+"&SRS="+SRS+"&SCS="+SCS+"&RES="+RES;
//*******************************************//


URL format for Lightning(supported through v6.9):
*note: Content Source should be set to URL

/apex/dsfs__DocuSign_CreateEnvelope?DSEID=0
&SourceID={!Opportunity.Id}
&DST=a2e2cd02-f11e-4c8c-a830-c9f2b6564a9e
&CCRM=Decision+Maker~Signer+1
&CCTM=Decision+Maker~Signer
&LA=0
&LF=0
&OCO=Tag


URLFOR format (required for v7.0+):
*note: Content Source should be set to URL

{!URLFOR('/apex/dsfs__DocuSign_CreateEnvelope', null, [
SourceID = Opportunity.Id,
CCRM = 'Decision Maker~Signer 1',
CCTM = 'Decision Maker~Signer',
DST = 'a2e2cd02-f11e-4c8c-a830-c9f2b6564a9e',
LA = '0',
LF = '0',
OCO = 'Tag'
]
)}

Easy JavaScript button update to the page callout section (for Classic buttons in v7.0+)

As an alternate to the above URLFOR fomat, if you want to keep your existing JavaScript button format, you can also just change the page callout section and preserve your custom code.

  • Copy and Paste the below 'Page Callout' section into your button code to replace your existing page callout (window.location.href variable)
  • Note this example is for sending from an Opportunity, for other objects please change Opportunity.Id to whichever object you're using 
  • Please make sure you have the Option Declarations section at the top to ensure we have declared each variable.


Note: The highlighted section indicates what's changed from the previous standard page callout:
 


//********* Option Declarations (Do not modify )*********// 
var RC = '';var RSL='';var RSRO='';var RROS='';var CCRM='';var CCTM='';var CCNM='';var CRCL=''; var CRL='';var OCO='';var DST='';var LA='';var LF='';var CEM='';var CES='';var STB='';var SSB='';var SES='';var SEM='';var SRS='';var SCS ='';var RES='';
//*************************************************// 


//custom code goes here// 


//********* Page Callout (Do not modify) *********// 
window.location.href = '{!URLFOR('/apex/dsfs__DocuSign_CreateEnvelope',null,[SourceID=Opportunity.Id])}&RC='+RC+'&RSL='+RSL+'&RSRO='+RSRO+'&RROS='+RROS+'&CCRM='+CCRM+'&CCTM='+CCTM+'&CRCL='+CRCL+'&CRL='+CRL+'&OCO='+OCO+'&DST='+DST+'&CCNM='+CCNM+'&LA='+LA+'&LF='+LF+'&CEM='+CEM+'&CES='+CES+'&SRS='+SRS+'&STB='+STB+'&SSB='+SSB+'&SES='+SES+'&SEM='+SEM+'&SRS='+SRS+'&SCS='+SCS+'&RES='+RES; 
//*******************************************//