Removed line that fetches secret key in transaction form

unicodeveloper / laravel-paystack

:credit_card: :package: :moneybag: Laravel 6, 7, 8, 9, 10 and 11 Package for Paystack

https://paystack.co

MIT License

605 stars 312 forks source link

Removed line that fetches secret key in transaction form #51

Closed derskeal closed 4 years ago

derskeal commented 6 years ago

The payment still works without the line.

s-okubanjo commented 6 years ago

Was about submitting an issue before I saw this. Exposing your secret key in the form is a security flaw, as anybody that inspects your page's html can potentially use the Paystack api as you. The secret key can be fetched from the config or env file instead. Cc @unicodeveloper And update the Readme too. Nice work!