WooMinecraft / WooMinecraft

A FREE Minecraft donation plugin that leverages the flexibility of WordPress and the WooCommerce plugin to provide a truly free, self-hosted donation system for Minecraft servers.
http://plugish.com
GNU General Public License v2.0

Security risk - printing raw server key #235

Open YouHaveTrouble opened 3 years ago

YouHaveTrouble commented 3 years ago

There is currently a security risk with WooMinecraft logging the connection URL when it gets an unexpected response.

It isn't a given that all people having access to the console have access to the WooCommerce shop key. This can result in possible sabotage where someone would set up a server with the key and redeem the purchases there instead of on the server they are supposed to go to.

The best way to fix this is to send the server key in a header instead of in the URL, and display the data based on the header rather than the raw URL on the WP plugin side.
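The fix proposed above has two parts on the plugin side: stop putting the key in the URL at all, and make sure anything that still reaches the console log has the key stripped. The following Java (the language of the Bukkit/Spigot half of WooMinecraft) is an added example written for this issue, not the project's own code. The endpoint URL, the header name `X-WMC-Key`, the query parameter name `key` and the sample key value are assumptions for illustration; the shop side would need to read the same header.

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.logging.Logger;
import java.util.regex.Pattern;

/**
 * Added example, not WooMinecraft's own code.
 * Demonstrates the two halves of the fix proposed in the issue:
 *   1. the shop key travels in a request header, never in the URL;
 *   2. any URL that is logged is passed through redactKey() first, so the
 *      legacy "?key=..." form can no longer leak through the console.
 * Header name, parameter name and endpoint are assumed for illustration.
 */
public final class KeyedRequestExample {
    private static final Logger LOG = Logger.getLogger("WooMinecraft");
    private static final String KEY_HEADER = "X-WMC-Key";                         // assumed header name
    private static final Pattern KEY_PARAM = Pattern.compile("([?&]key=)[^&#]*"); // assumed param name

    /** Replace the value of every key= query parameter so the URL is safe to print. */
    static String redactKey(String url) {
        return KEY_PARAM.matcher(url).replaceAll("$1<redacted>");
    }

    /** Build the request with the key in a header rather than in the query string. */
    static HttpRequest buildRequest(String endpoint, String shopKey) {
        return HttpRequest.newBuilder(URI.create(endpoint))
                .header(KEY_HEADER, shopKey)
                .GET()
                .build();
    }

    /** Log an unexpected status without ever echoing the key (defence in depth). */
    static String describeFailure(int status, String requestUrl) {
        String msg = "Unexpected response " + status + " from " + redactKey(requestUrl);
        LOG.warning(msg);
        return msg;
    }

    /** Send the request and report on anything other than HTTP 200. */
    static int sendAndCheck(HttpRequest request) throws Exception {
        HttpResponse<String> resp = HttpClient.newHttpClient()
                .send(request, HttpResponse.BodyHandlers.ofString());
        if (resp.statusCode() != 200) {
            describeFailure(resp.statusCode(), request.uri().toString());
        }
        return resp.statusCode();
    }

    public static void main(String[] args) throws Exception {
        String shopKey = "SUPER-SECRET-KEY";                                   // constructed sample value
        String endpoint = args.length > 0 ? args[0]
                : "https://shop.example.com/wp-json/wmc/v1/server";            // assumed endpoint

        // The regression described in the issue: key in the URL, URL printed raw.
        String legacyUrl = endpoint + "?key=" + shopKey;
        System.out.println("raw      : " + legacyUrl);
        System.out.println("redacted : " + redactKey(legacyUrl));              // ...?key=<redacted>

        // The proposed fix: key in a header, so the logged URL contains nothing secret.
        HttpRequest fixed = buildRequest(endpoint, shopKey);
        System.out.println("header   : " + fixed.headers().firstValue(KEY_HEADER).orElse("(missing)"));
        describeFailure(500, fixed.uri().toString());                          // no key to leak

        // Only hit the network if a real endpoint was supplied on the command line.
        if (args.length > 0) {
            System.out.println("status   : " + sendAndCheck(fixed));
        }
    }
}
```

On the WordPress side the matching change is to read the key from the request header (for a WP REST route, `$request->get_header( 'x-wmc-key' )`) instead of from a query parameter, and to make sure no diagnostic output echoes the raw request URL. Running `redactKey()` over every URL before it is logged is worth keeping even after the header change, so that a future regression of the kind JayWood describes cannot reintroduce the leak.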

JayWood commented 3 years ago

Valid point; this seems like a regression, as I was originally replacing the server key. Not sure what happened.