magenx / Magento-nginx-config

Default Nginx config for Magento 2
https://www.magenx.com
GNU General Public License v3.0
506 stars 211 forks

Block Estimated Shipping Methods #33

Closed Amadeco closed 4 years ago

Amadeco commented 4 years ago

Good afternoon,

I do not know why this URL is blocked:
https://github.com/magenx/Magento-nginx-config/blob/06937db83dbab281d10e554f795d513f75fe613b/magento2/conf_m2/maps.conf#L28

However, this URL is used in the checkout page cart to estimate shipping rates?

Thank you,

Ilan

Amadeco commented 4 years ago

http://www.****.com/rest/default/V1/guest-carts/YNNLFH9uZ5DRP9MZiBmLO9cdatiAYZ89/totals-information

{"grand_total":67.5,"base_grand_total":81,"subtotal":63.33,"base_subtotal":63.33,"discount_amount":0,"base_discount_amount":0,"subtotal_with_discount":63.33,"base_subtotal_with_discount":63.33,"shipping_amount":4.17,"base_shipping_amount":4.17,"shipping_discount_amount":0,"base_shipping_discount_amount":0,"tax_amount":13.5,"base_tax_amount":13.5,"weee_tax_applied_amount":null,"shipping_tax_amount":0.83,"base_shipping_tax_amount":0.83,"subtotal_incl_tax":76,"base_subtotal_incl_tax":76,"shipping_incl_tax":5,"base_shipping_incl_tax":5,"base_currency_code":"EUR","quote_currency_code":"EUR","items_qty":1,"items":[{"item_id":133,"price":63.33,"base_price":63.33,"qty":1,"row_total":63.33,"base_row_total":63.33,"row_total_with_discount":0,"tax_amount":12.67,"base_tax_amount":12.67,"tax_percent":20,"discount_amount":0,"base_discount_amount":0,"discount_percent":0,"price_incl_tax":76,"base_price_incl_tax":76,"row_total_incl_tax":76,"base_row_total_incl_tax":76,"options":"[{\"value\":\"En stock\",\"label\":\"Disponibilit\\u00e9\"}]","weee_tax_applied_amount":0,"weee_tax_applied":"[]","name":"Nippon White, 4 assiettes blanches or, coffret cadeau"}],"total_segments":[{"code":"subtotal","title":"Sous-total","value":76},{"code":"initial_fee","title":"","value":0},{"code":"shipping","title":"Frais de port (Standard - Colis)","value":4.17},{"code":"tax","title":"Taxe","value":13.5,"area":"taxes","extension_attributes":{"tax_grandtotal_details":[{"amount":13.5,"rates":[{"percent":"20","title":"TVA Normale"}],"group_id":1}]}},{"code":"grand_total","title":"Montant global","value":81,"area":"footer"}]}

magenx commented 4 years ago

This is for you to know that some API access is still open for everyone. Magento 2 for some reason requests the API from itself (I don't know why). Before some version, the Magento 2 API was unprotected at all.

Just letting you know. You can comment out this part of the config or create your own logic to control it.

Amadeco commented 4 years ago

> this is for you to know that some API access is still open for everyone, Magento 2 for some reason request API from itself (i dont know why)

Good morning,

This is used by all AJAX requests from the checkout process.

~/(.*)/V1/customers/isEmailAvailable : needed to check if the customer has an account on the website before checkout (checked when you enter an email address)

~/(.*)/V1/guest-carts/ : needed for estimated shipping (both shopping cart & checkout process)

I think it would be better to comment this part for people like me who struggle to identify why it was not working. I am no developer, so I installed your nginx configuration without knowing what I was about to do.

Cheers, Ilan

magenx commented 4 years ago

You need to understand the server config you have; it is not plug-n-play. Best practice is to block everything. Also, this Magento solution is very strange.
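
An added example, not part of the thread or of the project's configuration: one way to write the "own logic" mentioned above, as an nginx map that refuses REST paths by default and opens only the two checkout endpoints named in the discussion. The variable names, the zone name, the rate and the 403 status are assumptions.

```nginx
# Added example. $m2_api_blocked, $m2_lookup_key and the zone name are
# hypothetical; none of this is copied from the project's maps.conf.

# ---- http {} context ----

# Regex entries are tested in the order written and the first match wins,
# so the narrow allow entries sit above the catch-all deny.
# Assumes the store code is in the path, as in /rest/default/V1/... above.
map $request_uri $m2_api_blocked {
    default 0;
    # Checkout AJAX named in the thread: account lookup by e-mail
    ~^/rest/[^/]+/V1/customers/isEmailAvailable 0;
    # Guest cart calls (shipping estimate, totals) for a single cart id
    ~^/rest/[^/]+/V1/guest-carts/[^/]+/ 0;
    # Any other REST path is refused; extend the allow entries per store
    ~^/rest/ 1;
}

# isEmailAvailable tells an anonymous caller whether an address has an
# account, so it is throttled per client. Requests whose key is empty are
# not counted by limit_req, which leaves all other URLs unthrottled.
map $request_uri $m2_lookup_key {
    default "";
    ~/V1/customers/isEmailAvailable $binary_remote_addr;
}
limit_req_zone $m2_lookup_key zone=m2_lookup:10m rate=30r/m;

# ---- server {} context ----

if ($m2_api_blocked) {
    return 403;
}
limit_req zone=m2_lookup burst=5 nodelay;
limit_req_status 429;
```

The catch-all deny also covers every other REST call the storefront or an integration makes, so each of those needs its own allow entry above it. Run a full cart and checkout pass after any change to the map.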