To easily store data, images or styles, Salesforce provides Static Resources. They are often used to build good-looking pages or to load external scripts. However, one should treat them like public data.

Regardless of the Cache Control setting (Private vs. Public), every Site or Community visitor can get a list of ALL static resources available in your environment. On each public (Site) page or Community page, one can read the JavaScript variable below, which returns an object containing ALL static resources. For each static resource, the object holds the timestamp of the latest cached version and the namespace, if applicable (see sample screenshot).

Aura.StaticResourceMap

Accessing any of these static resources from a Site or Community page is of course just a matter of copy-paste. The table below lists the references. If needed, one can optionally add a timestamp (Epoch) between "resource" and the resource name to force Salesforce to retrieve the latest version (e.g. customDomain.com/resource/1608809470000/APXTConga4__ComposerLogoRed).

| Type | URL | Static Resource |
| --- | --- | --- |
| Standard Site Page | https://mydomain.force.com/sitePath | https://mydomain.force.com/sitePath/resource/[namespace__][name] |
| Standard Community Page | https://mydomain.force.com/sitePath/s/ | https://mydomain.force.com/sitePath/resource/[namespace__][name] |
| Custom Domain | https://customDomain.com/ | https://customDomain.com/resource/[namespace__][name] |
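
For administrators reviewing what their own site exposes, the sketch below (an added example, not code from the original post) turns a copy of Aura.StaticResourceMap into an inventory, using the URL pattern from the table. The map shape { name: { namespace: timestamp } }, the sample data and the review patterns are assumptions.

```javascript
// ASSUMPTION: the map has the shape { name: { namespace: timestamp } },
// with "" as the namespace key when the resource has none.
const sampleMap = { // constructed sample, not real data
  ComposerLogoRed: { APXTConga4: 1608809470000 },
  siteStyles: { "": 1601234567000 },
  integration_config: { "": 1609876543000 },
  customer_export_2020: { "": 1600000000000 },
};

// Hypothetical name patterns suggesting content that should not be public.
const REVIEW_PATTERNS = [/config/i, /secret/i, /key/i, /export/i, /backup/i, /credential/i];

// Build one row per resource: the full name, the URL a guest visitor
// would use (timestamped form), and a flag for manual review.
function inventoryStaticResources(resourceMap, baseUrl) {
  const base = baseUrl.replace(/\/+$/, ""); // drop trailing slashes
  const rows = [];
  for (const [name, versions] of Object.entries(resourceMap)) {
    for (const [namespace, timestamp] of Object.entries(versions)) {
      const fullName = namespace ? `${namespace}__${name}` : name;
      rows.push({
        fullName,
        namespace: namespace || null,
        cachedAt: new Date(Number(timestamp)).toISOString(),
        url: `${base}/resource/${timestamp}/${fullName}`,
        needsReview: REVIEW_PATTERNS.some((re) => re.test(name)),
      });
    }
  }
  // Flagged resources first, then alphabetical by full name.
  return rows.sort((a, b) =>
    Number(b.needsReview) - Number(a.needsReview) ||
    a.fullName.localeCompare(b.fullName));
}

const report = inventoryStaticResources(sampleMap, "https://customDomain.com/");
for (const r of report) {
  console.log(`${r.needsReview ? "REVIEW" : "ok    "} ${r.cachedAt} ${r.url}`);
}
```

A name that matches no pattern is not proof of harmless content; every row is reachable, so the flag only orders the review.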

Conclusion

With this post I hope to make you aware of the potential risk of putting too much in a static resource on the assumption that nobody knows its name, or that not making it ‘Public’ keeps it hidden. All resources are equally easy to retrieve, so be aware and treat them with caution! 💪
