Worldpay / Worldpay-Magento2-CG

Worldpay Magento 2 Plugin for Worldpay Corporate Gateway

JWT is created on the frontend, which is a significant security issue #91

Closed mekedron closed 1 year ago

mekedron commented 2 years ago

This is what's said by your documentation: [image: Screenshot from 2022-06-23 20-31-18]

This is what you do: https://github.com/Worldpay/Worldpay-Magento2-CG/blob/92407334c9e8e7febcd6037ab2ae008120bdf6e7/view/frontend/templates/jwtiframe.phtml#L46

I think you MUST create the JWT on the backend instead of the frontend.

elavarasann commented 1 year ago

We have fixed this issue on our side already in previous releases.
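The point raised in this issue, shown as an added example that is not the plugin's code: an HS256 JWT is signed on the server, so the MAC key never appears in a frontend template and the browser only ever receives the finished token. The function names, the `JWT_MAC_KEY` environment variable, the claim set and the demo values are assumptions made for illustration; use the claims your gateway documentation specifies.

```php
<?php
declare(strict_types=1);

function base64UrlEncode(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Runs on the backend only. The template receives the return value, never $macKey.
function createJwt(array $claims, string $macKey, int $ttlSeconds = 300): string
{
    $now = time();
    // Server-set claims come first in the union so caller input cannot override them.
    $payload = [
        'jti' => bin2hex(random_bytes(16)), // unique id per token
        'iat' => $now,
        'exp' => $now + $ttlSeconds,        // short lifetime limits replay
    ] + $claims;
    $header = ['alg' => 'HS256', 'typ' => 'JWT'];
    $signingInput = base64UrlEncode(json_encode($header, JSON_THROW_ON_ERROR))
        . '.' . base64UrlEncode(json_encode($payload, JSON_THROW_ON_ERROR));
    return $signingInput . '.'
        . base64UrlEncode(hash_hmac('sha256', $signingInput, $macKey, true));
}

// Verifier side: returns the claims, or null if the token is forged or expired.
function verifyJwt(string $jwt, string $macKey): ?array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    $expected = base64UrlEncode(hash_hmac('sha256', "$h.$p", $macKey, true));
    if (!hash_equals($expected, $s)) {      // constant-time comparison
        return null;
    }
    $header = json_decode(base64_decode(strtr($h, '-_', '+/')), true);
    if (($header['alg'] ?? null) !== 'HS256') {
        return null;                        // refuse any other algorithm
    }
    $claims = json_decode(base64_decode(strtr($p, '-_', '+/')), true);
    return (is_array($claims) && ($claims['exp'] ?? 0) > time()) ? $claims : null;
}

// Constructed demo values; a real key comes from server-side configuration.
$macKey = getenv('JWT_MAC_KEY') ?: 'constructed-demo-key-not-a-real-secret';
$jwt = createJwt(['iss' => 'constructed-issuer-id'], $macKey);
var_dump(verifyJwt($jwt, $macKey) !== null);        // token signed by the server verifies
var_dump(verifyJwt($jwt, 'client-side-guess') === null); // a different key is rejected
```

When the key is embedded in a page template instead, anyone who views the page source can mint tokens that pass the same verification.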