Differences

This shows you the differences between two versions of the page.

v:2.0:security_and_privacy_considerations [2020/01/24 00:32] – [Personal Information accessible via Receipt] foxybrett
v:2.0:security_and_privacy_considerations [2020/01/24 00:33] (current) – [Cart Contents] foxybrett
Line 22: Line 22:
 Since the cart contents persist via a cookie, it could be seen by others on a shared computer. If this is a problem, avoid products that have personal information in the options, or use the ''empty=reset'' functionality where available to clear the session entirely. Since the cart contents persist via a cookie, it could be seen by others on a shared computer. If this is a problem, avoid products that have personal information in the options, or use the ''empty=reset'' functionality where available to clear the session entirely.
  
 +Similarly, the ''/cart'' endpoint allows JSONP requests //without// checking for an origin or referrer header, so it would be possible for a malicious website to access your customers' cart contents. For this reason, we recommend against collecting personal information as product options.
 ===== Security ===== ===== Security =====
 Please [[:primer:security|give this primer a read]]. It's good stuff. Please [[:primer:security|give this primer a read]]. It's good stuff.
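
Review bot: The added ''/cart'' JSONP sentence opens with "Similarly", which ties it to the shared-computer case in the paragraph above, but the exposure it describes is a different one: it comes from another website rather than from someone at the same machine, and the ''empty=reset'' mitigation offered above only helps once the session has been cleared. Consider dropping "Similarly" and stating that clearing the cart does not protect its contents while the cart cookie is still in place, so readers do not take ''empty=reset'' as sufficient for this case. Minor: the HTTP headers are named Origin and Referer; naming them exactly would make it clearer which checks are absent.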