Skip to content
This repository was archived by the owner on Apr 5, 2026. It is now read-only.
This repository was archived by the owner on Apr 5, 2026. It is now read-only.

User Story: Move discount validation server-side for cart discounts in src/javascript/frontend/services/cart.js #87

Open
Open
User Story: Move discount validation server-side for cart discounts in src/javascript/frontend/services/cart.js#87
Labels
buggy-fileFiles that are intentionally buggy or brokenneeds-reviewNeeds human reviewsecuritySecurity related issues

Description

@aliAljaffer
aliAljaffer
opened on Oct 13, 2025

As a developer
I want to avoid relying on client-side discount validation in src/javascript/frontend/services/cart.js
So that users cannot tamper with discounts and apply unauthorized reductions

Acceptance Criteria

  • Remove or minimize business-critical discount validation on the client. Ensure the server verifies discount codes and calculates final totals.

Details
The file uses a local discounts map and computes discount amounts client-side (comment: "Client-side discount validation (insecure)"). This allows malicious users to bypass rules.

Metadata

Metadata

Assignees

No one assigned

    Labels

    buggy-fileFiles that are intentionally buggy or brokenneeds-reviewNeeds human reviewsecuritySecurity related issues

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions