vendrhub / vendr-checkout

A ready made checkout flow for Vendr, the eCommerce solution for Umbraco v8+
https://vendr.net/add-ons/vendr-checkout/
MIT License

Added anti-forgery tokens and HttpPost attributes #3

Closed. garpunkal closed this 4 years ago

garpunkal commented 4 years ago

Added @Html.AntiForgeryToken() on all items using SurfaceController and Html.BeginPaymentForm(currentOrder), but this will need tying up in the Vendr.Core.Web BeginPaymentForm if required.

Added HttpPost on the posted forms.

mattbrailsford commented 4 years ago

Ahh, great suggestion. I'll create an issue around adding this to BeginPaymentForm so that I can keep track of and test that independently, but happy to merge these ones in.

I'm guessing the anti-forgery token on the PaymentForm won't break anything right now, it just means it's being ignored until something is implemented in Vendr core?

garpunkal commented 4 years ago

Yeah, I took these directly from our sandbox.

I think it just drops the forgery token on the page and it doesn't get validated until you check on the payment form.

I did alter our view for "remove discount codes and gift cards" to use a form rather than an Html.Action and then did the same, but for this PR, I left it out.

Let me know if you'd like me to look at this?
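The pattern discussed in the two comments above (a token rendered in the view, HttpPost on the action, and the "remove discount code" view moved from an Html.Action link to a real form), as an added example. This is not code from vendr-checkout or from Vendr; the controller name, the action name and the Vendr API calls (IVendrApi, GetCurrentOrder, AsWritable, Unredeem, SaveOrder, Uow.Execute) are written from memory of the Vendr 1.x API and should be treated as assumptions. The point it shows is the one garpunkal makes: @Html.AntiForgeryToken() only emits a hidden field; nothing is checked until the receiving action carries [ValidateAntiForgeryToken].

```csharp
// Added example, not code from the vendr-checkout project.
// Razor view fragment this controller expects (assumed placement in the
// checkout view; BeginUmbracoForm<T> is Umbraco's own helper):
//
//   @using (Html.BeginUmbracoForm<CheckoutExampleSurfaceController>("RemoveDiscountCode"))
//   {
//       @Html.AntiForgeryToken()
//       <input type="hidden" name="storeId" value="@store.Id" />
//       <input type="hidden" name="code" value="@discountCode" />
//       <button type="submit">Remove</button>
//   }
//
// Before: a plain link rendered via Html.Action let any page the user visited
// remove the code with a cross-site GET. After: a POST that must carry a token
// tied to the user's session cookie.
using System;
using System.Web.Mvc;
using Umbraco.Web.Mvc;
using Vendr.Core.Api;       // IVendrApi (assumed namespace)
using Vendr.Core.Models;    // Order / OrderReadOnly (assumed namespace)

public class CheckoutExampleSurfaceController : SurfaceController
{
    private readonly IVendrApi _vendrApi; // assumed to be registered for injection by Vendr

    public CheckoutExampleSurfaceController(IVendrApi vendrApi)
    {
        _vendrApi = vendrApi;
    }

    // [HttpPost] refuses GET requests; on its own it does not stop a cross-site
    // POST. [ValidateAntiForgeryToken] is what actually compares the hidden
    // __RequestVerificationToken field against the anti-forgery cookie, so a
    // view that renders @Html.AntiForgeryToken() without this attribute on the
    // target action gets no protection.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult RemoveDiscountCode(Guid storeId, string code)
    {
        if (string.IsNullOrWhiteSpace(code))
        {
            ModelState.AddModelError("code", "No discount or gift card code supplied.");
            return CurrentUmbracoPage(); // re-render the page with the error
        }

        // Assumed Vendr 1.x pattern: read-only order -> writable copy inside a
        // unit of work -> Unredeem(code) -> SaveOrder -> Complete.
        _vendrApi.Uow.Execute(uow =>
        {
            var current = _vendrApi.GetCurrentOrder(storeId);
            if (current == null)
            {
                return; // no cart for this store, nothing to remove
            }

            var order = current.AsWritable(uow).Unredeem(code);
            _vendrApi.SaveOrder(order);
            uow.Complete();
        });

        // Post-redirect-get so a refresh does not resubmit the form.
        return RedirectToCurrentUmbracoPage();
    }
}
```

The same two attributes belong on every SurfaceController action the checkout views post to. They help only for actions on your own site; a form whose action URL is an external payment gateway is never validated by ASP.NET MVC, which is why the token placed inside Html.BeginPaymentForm is ignored until Vendr core does something with it.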

mattbrailsford commented 4 years ago

Cool. And sure, if they can be a little more secure by using posts and it doesn't mess with the page post itself, I'd be happy for those to be updated too 👍