Closed metade closed 9 years ago
@metade how can anonymous users see their order without the token?
They will still be able to return to the order success page on their current browser session, but on a new browser session they would have to sign in to be able to see it.
I don't see there's much value in anonymous access to an order complete page. Usually all the details you need are in the confirmation email or if a more complex interaction is required then the user needs to sign in to perform it.
More details here: https://github.com/spree/spree/pull/6072
@metade thanks, didn't noticed it was also removed on spree
This exposes the order success page to the world which raises all sorts of privacy concerns.