PATCH_SUPEE-8788 and full page caching (magento 1.7.0.2)
https://magento.stackexchange.com/questions/140842
-
03-10-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
PATCH_SUPEE-8788 introduced form_keys for the form on catalog_product_view, and the Cart Controller checks if they are valid. So far so good, but our shop uses the Lesti_FPC full page cache extension and a varnish cache, so the form_keys on the product form never fit to the ones in the session so our customers can't add products to their carts if we fully implement SUPEE-8788.
For now we've implemented the patch without form_key validation in the Cart Controller.
Is there a best practice for using form_keys and full page caches or varnish? Is there anything bad that can be done if there is no form key validation in the cart controller other than adding random products to someones cart?
Solution
3 years ago Gordon (Author of Lest_Fpc) created a fix for the form_key:
https://github.com/GordonLesti/Lesti_Fpc/commit/e3725928fcac1924ed663c33bd4067e99b3e7eb1
So, you can use <!-- fpc form_key_placeholder --> as Placeholder and it will be automaticly replaced with the correct form_key
