Hide sw-access-key from store API requests? #250
Replies: 4 comments 6 replies
-
I love it, If there won't be any breaking change with that (no error, just ignoring this header) the plan would be:
This way we can support all versions, as header will still be passed the old way. In the new API client we generate code for specific API version, so in this case we wouldn't have |
Beta Was this translation helpful? Give feedback.
-
Hold on, how can Shopware then detect in which sales-channel context the API requests occur? |
Beta Was this translation helpful? Give feedback.
-
Some more context: The main question is: Note: |
Beta Was this translation helpful? Give feedback.
-
If I understand correctly, the |
Beta Was this translation helpful? Give feedback.
-
For security reasons, the core team removed the
sw-access-key
from any request in the storefront.See this note (from the 6.5 updates):
https://github.com/shopware/platform/blob/trunk/UPGRADE-6.5.md#removal-of-the--_proxystore-api-api-route
In the end, this means that the
sw-access-key
will not be in the header of any storefront request anymore.The main question is: Do we want to adapt this for security reasons?
Questions/Thoughts about this:
I am open to a discussion about this here. 🤗
Beta Was this translation helpful? Give feedback.
All reactions