Hi, I wonder if this is not a vulnerability: the '/stripePayment' endpoint is configured as 'auth: false' and its respective 'savePayment' controller doesn't apply any specific security measures. This leads me to the conclusion that any person knowing that I use the strapi-stripe plugin will be able to make a POST request and register a fake transaction in my Strapi backend. In case I'm missing something - sorry for bothering. Thanks. Greg
@gkanski Hi, we have added policies to the router, which help to authenticate API calls.
To install the new version strapi-stripe.
Please try out the latest version and let us know what you think.
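Added example, not part of the thread or the plugin's code: a small audit that flags state-changing routes declared with `auth: false` and no policies or middlewares, which is the configuration the report above describes. The route arrays are constructed samples; the controller name `stripeController` and the policy name `verify-caller` are hypothetical.

```javascript
// Audit Strapi-style route definitions for public, unguarded write endpoints.
// All route data below is constructed for illustration.
const WRITE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// `config.auth === false` tells Strapi to skip authentication for the route.
function isPublic(route) {
  return Boolean(route.config) && route.config.auth === false;
}

// A route counts as guarded if it lists at least one policy or middleware.
function hasGuards(route) {
  const cfg = route.config || {};
  const policies = Array.isArray(cfg.policies) ? cfg.policies : [];
  const middlewares = Array.isArray(cfg.middlewares) ? cfg.middlewares : [];
  return policies.length + middlewares.length > 0;
}

// Returns "METHOD /path" for every write route that is public and unguarded.
function findUnprotectedRoutes(routes) {
  return routes
    .filter((r) => WRITE_METHODS.has(String(r.method).toUpperCase()))
    .filter((r) => isPublic(r) && !hasGuards(r))
    .map((r) => `${String(r.method).toUpperCase()} ${r.path}`);
}

// Configuration as described in the report: public POST, no guard.
const routesBefore = [
  { method: "POST", path: "/stripePayment",
    handler: "stripeController.savePayment", config: { auth: false } },
  // Constructed read-only route: public GETs are not flagged by this audit.
  { method: "GET", path: "/status",
    handler: "stripeController.status", config: { auth: false } },
];

// Same route with a policy attached (hypothetical policy name).
const routesAfter = [
  { method: "POST", path: "/stripePayment",
    handler: "stripeController.savePayment",
    config: { auth: false, policies: ["verify-caller"] } },
];

console.log("before:", findUnprotectedRoutes(routesBefore));
console.log("after: ", findUnprotectedRoutes(routesAfter));
```

The audit only detects that a guard is missing; whether an attached policy actually rejects forged requests still has to be checked by reading the policy itself.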