chore(plugin-stripe)!: disables rest proxy by default (#6230)

Jacob Fletcher
2024-05-06 17:33:43 -04:00
committed by GitHub
parent ac5d744914
commit e1ff92e8c6
3 changed files with 11 additions and 4 deletions


@@ -85,7 +85,7 @@ The following custom endpoints are automatically opened for you:
##### Stripe REST Proxy
If `rest` is true, proxies the [Stripe REST API](https://stripe.com/docs/api) behind [Payload access control](https://payloadcms.com/docs/access-control/overview) and returns the result. If you need to proxy the API server-side, use the [stripeProxy](#node) function.
If `rest` is true, proxies the [Stripe REST API](https://stripe.com/docs/api) behind [Payload access control](https://payloadcms.com/docs/access-control/overview) and returns the result. This flag should only be used for local development, see the security note below for more information.
```ts
const res = await fetch(`/api/stripe/rest`, {
@@ -106,6 +106,8 @@ const res = await fetch(`/api/stripe/rest`, {
})
```
If you need to proxy the API server-side, use the [stripeProxy](#node) function.
<Banner type="info">
<strong>Note:</strong>
<br />
@@ -113,6 +115,12 @@ const res = await fetch(`/api/stripe/rest`, {
config.
</Banner>
<Banner type="warning">
<strong>Warning:</strong>
<br />
Opening the REST proxy endpoint in production is a potential security risk. Authenticated users will have open access to the Stripe REST API. In production, open your own endpoint and use the [stripeProxy](#node) function to proxy the Stripe API server-side.
</Banner>
## Webhooks
[Stripe webhooks](https://stripe.com/docs/webhooks) are used to sync from Stripe to Payload. Webhooks listen for events on your Stripe account so you can trigger reactions to them. Follow the steps below to enable webhooks.


@@ -20,8 +20,7 @@ export const stripePlugin =
// set config defaults here
const pluginConfig: SanitizedStripePluginConfig = {
...incomingStripeConfig,
// TODO: in the next major version, default this to `false`
rest: incomingStripeConfig?.rest ?? true,
rest: incomingStripeConfig?.rest ?? false,
sync: incomingStripeConfig?.sync || [],
}
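Review bot: With the TODO removed, the new `rest: incomingStripeConfig?.rest ?? false` line has no comment saying why the default is off, and the reason is security-relevant: per the docs change in this same commit, enabling the proxy gives authenticated users open access to the Stripe REST API. I would put `// off by default: the REST proxy gives authenticated users open access to the Stripe REST API; opt in for local development only` above it so the default is not flipped back casually. Nothing visible here reports when a config explicitly sets `rest: true`. The endpoint registration is outside this hunk, so this may already be handled there, but a startup log line on opt-in would make an accidental production enablement visible. The body of `stripePlugin` starts and ends outside the hunk.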


@@ -29,7 +29,7 @@ export type SyncConfig = {
export type StripePluginConfig = {
isTestKey?: boolean
logs?: boolean
// @deprecated this will default as `false` in the next major version release
/** @default false */
rest?: boolean
stripeSecretKey: string
stripeWebhooksEndpointSecret?: string
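Review bot: The new TSDoc on `rest` states only the default, so someone who meets the option through editor hover or generated type docs gets no hint of why it is off or what turning it on exposes. Since `StripePluginConfig` is the public config surface, I would carry the docs warning into the comment, for example `/** Opens the /api/stripe/rest proxy endpoint. Intended for local development only; authenticated users get open access to the Stripe REST API. @default false */`. The type definition continues past the end of the hunk.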