• Resolved dplatzer

    (@dplatzer)


    With this plugin activated everyone can query all your orders including every detail via the REST API (wp-json/wc-analytics/orders)

    This is a terrible privacy issue!!!

Viewing 3 replies - 1 through 3 (of 3 total)
  • It should return

    {"code":"woocommerce_rest_cannot_view","message":"Sorry, you cannot list resources.","data":{"status":401}}

    • This reply was modified 6 years, 1 month ago by Luke Cavanagh. Reason: clarify wording

    Thanks for following up here @lukefiretoss.

    @dplatzer – are you able to access Orders via the wc-analytics/orders endpoint without authenticating, or with a user that doesn’t have the read_private_posts capability for the shop_order post type?

    Thanks.

    Plugin Support Nicola Mustone

    (@nicolamustone)

    Automattic Happiness Engineer

    We haven’t heard back from you in a while, so I’m going to mark this as resolved – if you have any further questions, you can start a new thread.


The topic ‘Orders public in rest api’ is closed to new replies.
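
An added example, not part of the thread or of WooCommerce's own code: a check a site owner can run against their own store to see whether an anonymous request to the endpoint named above gets the denial quoted in the first reply or is served order data. The function names, the result labels and the sample order fields are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request

ENDPOINT = "/wp-json/wc-analytics/orders"  # path quoted in the thread


def classify(status, body):
    """Return 'denied', 'exposed' or 'inconclusive' for one anonymous response."""
    try:
        data = json.loads(body)
    except (ValueError, TypeError):
        return "inconclusive"  # HTML error page, proxy block, empty body
    if status in (401, 403) and isinstance(data, dict) and "code" in data:
        return "denied"  # REST error object, e.g. woocommerce_rest_cannot_view
    if status == 200 and isinstance(data, list):
        # A 200 JSON array, even an empty one, means the request was not rejected.
        return "exposed"
    return "inconclusive"


def check_site(base_url, timeout=10):
    """Request the endpoint with no cookies or credentials on a site you run."""
    req = urllib.request.Request(base_url.rstrip("/") + ENDPOINT,
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
        return classify(err.code, err.read().decode("utf-8", "replace"))


# Constructed sample responses; the first body is the one quoted in the thread,
# the order fields in the second are hypothetical.
SAMPLES = [
    (401, '{"code":"woocommerce_rest_cannot_view",'
          '"message":"Sorry, you cannot list resources.","data":{"status":401}}'),
    (200, '[{"order_id": 1001, "status": "completed"}]'),
    (200, '[]'),
    (503, '<html>maintenance</html>'),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, classify(status, body))
```

Repeat the check with a logged-in account that lacks the read_private_posts capability for the shop_order post type, which is the second case the support reply asks about.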