Differences

This shows you the differences between two versions of the page.

v:2.0:security_and_privacy_considerations [2020/01/24 00:32]
foxybrett [Personal Information accessible via Receipt]
v:2.0:security_and_privacy_considerations [2020/01/24 00:33] (current)
foxybrett [Cart Contents]
Line 22: Line 22:
 Since the cart contents persist via a cookie, it could be seen by others on a shared computer. If this is a problem, avoid products that have personal information in the options, or use the ''​empty=reset''​ functionality where available to clear the session entirely. Since the cart contents persist via a cookie, it could be seen by others on a shared computer. If this is a problem, avoid products that have personal information in the options, or use the ''​empty=reset''​ functionality where available to clear the session entirely.
  
 +Similarly, the ''/​cart''​ endpoint allows JSONP requests //without// checking for an origin or referrer header, so it would be possible for a malicious website to access your customers'​ cart contents. For this reason, we recommend against collecting personal information as product options.
 ===== Security ===== ===== Security =====
 Please [[:​primer:​security|give this primer a read]]. It's good stuff. Please [[:​primer:​security|give this primer a read]]. It's good stuff.
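
Review bot: The added paragraph opens with "Similarly", but the risk it describes is not the shared-computer case from the paragraph above. A cross-site JSONP read of ''/cart'' needs no access to the customer's machine, only that the customer's browser still holds the cart cookie when another site is visited. Consider dropping "Similarly" and stating that difference, and note that the ''empty=reset'' suggestion in the preceding paragraph only helps once the session has been cleared, so it does not cover this case while a cart is in use. Minor: "origin or referrer header" would be clearer with the actual header names, ''Origin'' and ''Referer''.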
