impairment of site guest user upload due to secruity updates with salesforce spring 20 release
we built a web form with Skuid that has a two-step wizard: In the first step, after clicking on next, a record of a custom object is created. In the second step, further details are entered by the user and files can be uploaded as attachments to the custom object record. After clicking on a send button, the custom object record is updated with the information from step 2.
The Skuid web form is embedded in a Visualforce page, which itself is the starting page of a Visualforce-based community, so the user entering the information is an anonymous site guest user. So far, this has all been working well, until Salesforce rolled out the security updates concerning guest users with the new Spring 20 release on some of our sandboxes. This forced us to make some adjustments regarding the updating logic in step 2, but we got everything working, EXCEPT the file upload:
When the site guest user now tries to upload a file as attachment to the custom object record, the upload fails and the on-upload failure actions of the file upload component are triggered. Debug logs give us no clue as to why the upload fails and we can only conclude that the failure must happen somewhere within the Skuid business logic that takes care of file uploads. We need help as to why the upload is now failing and what we can use as workaround or solution. This is urgent, as with the activation of the guest user security updates on production coming, our web form will not have a working file upload component anymore.
This is the configuration of our file upload component:
Save To: Data Source
Parent Model: Model for the custom object (model is saved in step 1)
File Storage Location: In Attachment to Record
We use Skuid v1, version 12.2.12. At the time of using the file upload component, our site guest user is the owner of the custom object record and that record already exists, so sharing settings should not affect the behavior.
In case you suggest to switch to Content Documents as file storage location: We tried this, but then the file upload component is not displayed at all, so uploading content documents instead of attachments does not seem to work for the site guest user at all (which is why we are using attachments in the first place).
We would like to report this problem to the community and if someone has an idea or even approaches to solve the behaviour, we would be very grateful.
Unfortunatelythis is a hot topic for us, because this is the main feature for our customer.
We are happy to receive a lot of feedback.