It looks like you're new here. If you want to get involved, click one of these buttons!
Bugs & Feature Requests
Gateways, Merchant Accounts, Bank Accounts, Oh My!
Will custom fields be HMAC protected as well?
Hi, we have created some custom fields on our shop, if hmac validation is enabled will those fields be protected as well?
Good question. Our cart validation functionality is designed to prevent a nefarious user from being able to alter a value within an add to cart link or form that you have set within it. The most important aspect there being the price of the product, but then it also prevents editing any other value you've set, whether the name, category, code or a custom attribute you've added to the product.
If you have a custom input in your add to cart form that is an open text input - that's not protected by the cart validations as it's open for the customer to enter anything into it anyway.
As an aside - if you're referring to custom fields on the checkout, our cart validation doesn't apply there. It only applies to add to cart links and forms to validate the data when adding products into the cart.
Does that help?
Thanks for the explanation, is there a way to protect those fields?
Could you clarify where the fields are exactly, and in what way you're wanting to protect them? I'd like to confirm exactly what you're wanting to achieve to ensure we can give you the best advice here.