Security
If you read our last post, "Fix Magento 2 ERR_TOO_MANY_REDIRECTS: Step-by-Step Guide", you know that one of the sneakiest culprits behind the dreaded "Too Many Redirects" error is a Magento configuration setting called web/secure/offloader_header. It might sound like something straight out of a sci-fi movie, but it's actually a super important piece of the Magento puzzle, especially …
Continue reading Understanding Magento 2’s web/secure/offloader_header: Your Fix for Redirect Chaos
Once upon a time in the magical kingdom of PHP, there lived a humble function named intval(). Not as flashy as array_map() or as mysterious as eval(), intval() was a quiet worker bee, transforming values into integers with the wave of its wand. But like all good fairy tales, there’s a twist: intval() had some …
Continue reading The Curious Case of intval: A Programmer’s Tale
The rise of cyberattacks targeting e-commerce platforms continues to be a significant concern for online businesses. In recent months, some of our clients have been dealing with an alarming issue: Trojan orders. These orders contain malicious code injected through customer information fields like first name and last name, with the intent to exploit vulnerabilities in …
Hey, Magento enthusiasts! 🎉 Yesterday, we ventured into the thrilling world of bypassing CSRF validation for specific requests in Magento 2. Today, we’re taking a step back to understand what CSRF is, why it’s crucial for Magento security, and why merchants should think twice before disabling it. Grab your popcorn, because this journey is going …
Continue reading Understanding CSRF: The Guardians of Your Magento 2 Castle
Hello, fellow Magento developers! 🎉 Today, we’re diving into a topic that’s as thrilling as it is necessary: bypassing CSRF validation for specific requests in Magento 2. Now, before you think I’ve lost my marbles, let me clarify—we’re talking about safely and legitimately bypassing CSRF (Cross-Site Request Forgery) validation when certain situations call for it. …
Continue reading Bypassing CSRF Validation for Certain Requests in Magento 2: A Developer’s Guide
A few days ago a client complained their Magento website was suffering from a bot attack in the checkout with the credit card payment. They received thousands and thousands (I mean, thousands, like more than 30 thousand) of failed transaction emails in their email inbox. They immediately asked for our help to investigate and apply …
Occasionally, we often encounter scenarios where generating unique hash tokes is necessary. Hash tokens play a crucial role in various aspects of Magento 2 development, such as security, URL generation, form submission, and more. In this blog post, we will explore different methods to generate unique hash tokens in Magento 2, ensuring their uniqueness and …
Continue reading Generating Unique Hashes in Magento 2 Programmatically
Do you know what is the Form Key and why it exists in Magento? No? I have a piece of good news for you then: you're in the right place. Let's discuss a little bit about the Form Key implementation in Magento 2.
Tiago Sampaio 