You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would have raised this privately but there's no security policy in place.
The Request model is disabling SSL verification for curl requests via CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER
From what I can see this Request method is used during creation of the payment token.
This is usually used in local development but the SSL verification options shouldn't be disabled in the production code and requests should be made to https:// endpoints.
There's an additional issue that CURLOPT_NOPROGRESS and CURLOPT_VERBOSE are verbose and make parsing server logs difficult.
Is this module actively maintained?
The text was updated successfully, but these errors were encountered:
Hi,
I would have raised this privately but there's no security policy in place.
The Request model is disabling SSL verification for curl requests via
CURLOPT_SSL_VERIFYHOSTandCURLOPT_SSL_VERIFYPEERFrom what I can see this Request method is used during creation of the payment token.
This is usually used in local development but the SSL verification options shouldn't be disabled in the production code and requests should be made to
https://endpoints.There's an additional issue that
CURLOPT_NOPROGRESSandCURLOPT_VERBOSEare verbose and make parsing server logs difficult.Is this module actively maintained?
The text was updated successfully, but these errors were encountered: