manishkatyan / strapi-stripe

Stripe Plugin for Strapi CMS

Public '/stripePayment' endpoint makes possible to inject fake transactions into the backend? #90

Closed gkanski closed 1 year ago

gkanski commented 1 year ago

Hi, I wonder if this is not a vulnerability: the '/stripePayment' endpoint is configured as 'auth: false' and its respective 'savePayment' controller doesn't apply any specific security measures. This leads me to the conclusion that any person knowing that I use the strapi-stripe plugin will be able to make a POST request and register a fake transaction in my Strapi backend. In case I'm missing something - sorry for bothering. Thanks. Greg

nishekh-e-r commented 1 year ago

@gkanski Hi, we have added policies to the router which help to authenticate API calls in the new version of strapi-stripe. Please try out the latest version and let us know what you think.
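The two messages above describe the weak configuration (a public `auth: false` route whose controller saves whatever it receives) and the fix (a route policy that authenticates the caller). The following is an added example, not code from the strapi-stripe plugin: a Strapi v4-style route table in both forms, a policy written in the Strapi v4 policy shape `(policyContext, config, { strapi }) => boolean`, and a tiny in-memory dispatcher that applies `auth` and `policies` so the two configurations can be compared offline. The route path `/stripePayment` is taken from the issue; the handler name, the policy name, and the transaction payload are constructed assumptions. In a real Strapi project policies are referenced by name in the route file rather than passed as functions; functions are used here so the block runs without a Strapi instance.

```javascript
// Added example (not strapi-stripe's own code). Policy in Strapi v4 shape:
// (policyContext, config, { strapi }) => boolean. It admits the call only when
// the request carries an authenticated user; policy name is an assumption.
function requireAuthenticatedUser(policyContext /*, config, { strapi } */) {
  const user = policyContext.state && policyContext.state.user;
  return Boolean(user && user.id);
}

// Weak configuration as described in the issue: public route, no policies,
// so any caller can POST a payload and have it stored.
const openRoute = {
  method: 'POST',
  path: '/stripePayment',
  handler: 'stripe.savePayment', // handler name is an assumption
  config: { auth: false, policies: [] },
};

// Hardened configuration: the same route guarded by a policy that
// authenticates the caller before the controller runs.
const guardedRoute = {
  method: 'POST',
  path: '/stripePayment',
  handler: 'stripe.savePayment',
  config: { auth: false, policies: [requireAuthenticatedUser] },
};

// Stand-in for the controller: persists whatever body it receives, which is
// exactly why the route must not be reachable by unauthenticated callers.
function savePayment(ctx, store) {
  store.push({ ...ctx.request.body });
  return { status: 200, saved: store.length };
}

// Dispatcher mimicking how a route's `auth` flag and `policies` gate the handler.
// With auth:false the built-in auth check is skipped, so only policies remain.
function dispatch(route, ctx, store) {
  if (route.config.auth !== false && !(ctx.state && ctx.state.user)) {
    return { status: 401, saved: store.length };
  }
  for (const policy of route.config.policies) {
    if (!policy(ctx, {}, { strapi: null })) {
      return { status: 403, saved: store.length };
    }
  }
  return savePayment(ctx, store);
}

// Constructed requests: an anonymous caller and a logged-in caller, both
// posting a made-up transaction record (sample values, not real Stripe data).
const fakeTransaction = { txnId: 'txn_constructed_000', amount: 9999, status: 'succeeded' };
const anonymousRequest = { state: {}, request: { body: fakeTransaction } };
const authenticatedRequest = { state: { user: { id: 1 } }, request: { body: fakeTransaction } };

// Runs both configurations and reports the HTTP-style outcome of each call.
function demo() {
  const openStore = [];
  const guardedStore = [];
  return {
    openAnonymous: dispatch(openRoute, anonymousRequest, openStore).status,          // 200
    guardedAnonymous: dispatch(guardedRoute, anonymousRequest, guardedStore).status, // 403
    guardedAuthenticated: dispatch(guardedRoute, authenticatedRequest, guardedStore).status, // 200
    openStoreSize: openStore.length,       // 1: the anonymous fake record was stored
    guardedStoreSize: guardedStore.length, // 1: only the authenticated call was stored
  };
}

console.log(demo());
```

A policy that only checks for a logged-in user closes the anonymous-injection path from the issue, but it still trusts the posted body: any authenticated account could submit a record. The stronger server-side check is to confirm the payment with Stripe (for example by retrieving the object by id with a server-side key, or by verifying a signed webhook) before anything is saved; that step is outside what this thread describes and is not shown here.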