What is the type of issue?
No response
What is the issue?
https://mpp.dev/guides/subscription-payments
According to the documentation, in subscription mode, the client actively passes the X-User-Id header, which the server then parses to associate the user's subscription information. However, this X-User-Id can easily be forged.
What is your recommended implementation standard for a production environment?
Where did you find it?
https://mpp.dev/guides/subscription-payments
What is the type of issue?
No response
What is the issue?
https://mpp.dev/guides/subscription-payments
According to the documentation, in subscription mode, the client actively passes the X-User-Id header, which the server then parses to associate the user's subscription information. However, this X-User-Id can easily be forged.
What is your recommended implementation standard for a production environment?
Where did you find it?
https://mpp.dev/guides/subscription-payments