Yes, in the documentation they are selling that as a feature.
One of the Snipcart's strength is that you do not have to enter your product inventory anywhere. Most of the time you will always have an inventory somewhere or an existing database, so we did not want to have you duplicate information.
So how does it work? All your product information is stored in the HTML markup.
Kind of a major oversight.
I don't really see much use for this, why give another 2% of your sales away? Stripe is already ridiculously easy to integrate.
Yes Stripe is easy to integrate, but we are mostly focusing on frontend developers that want a customizable shopping cart, with all the features like shipping rates calculation, full control on the CSS and a dashboard for their customers with the orders.
So, as a web developer, I'm not seeing anything that would inspire confidence regarding someone simply inspecting & changing this data attribute to:
data-item-price="0.01"
I skimmed through the documentation, but didn't see any real mention of this concern. I think it should be highlighted.
Seems that by allowing it to be in markup it might encourage people to be negligent and perhaps miss verifying that the submitted price is correct... maybe I'm missing something here.
What happens when products are loaded with JS after the initial load? For example, maybe the user presses a "Load More" button, or the site uses infinite scrolling, etc. Do you guys handle that in any way? I'm not trying to trash your product, I'm just genuinely curious.
The markup must be available on the webpage when it loads, but we plan to have JSON endpoints in a very near future, so if the URL that we crawl returns json, we will use it instead of crawling the HTML. It will be documented soon.
Just before the order payment is being done, we crawl the URL of the product, we check for a product with the specified ID and validate that the price, name, any other properties have not been altered. If it has been altered, we reject the order. The URL in data-item-url must be on your site domain, so by example, if you change the data-item-url from snipcart.com/product to myapp.com/product, it will be considered as altered and the order will be rejected.
We will add more informations about how our price validation works very soon. Also, we already suggest our customers to make sure their website is HTTPS also.
"IF YOU SELL, WE GET PAID, IF YOU DON'T, WE'RE NOT"
I don't speak Finnish or Russian, but if I was going to offer businesses an ecommerce solution in those countries, I'd be damn sure my copy was grammatically correct.
Not to bust your balls, but we're talking about moving customers' money around - the details matter.
19 comments
[ 2.7 ms ] story [ 48.1 ms ] threadOne of the Snipcart's strength is that you do not have to enter your product inventory anywhere. Most of the time you will always have an inventory somewhere or an existing database, so we did not want to have you duplicate information.
So how does it work? All your product information is stored in the HTML markup.
Kind of a major oversight.
I don't really see much use for this, why give another 2% of your sales away? Stripe is already ridiculously easy to integrate.
data-item-price="0.01"
I skimmed through the documentation, but didn't see any real mention of this concern. I think it should be highlighted.
Seems that by allowing it to be in markup it might encourage people to be negligent and perhaps miss verifying that the submitted price is correct... maybe I'm missing something here.
But, yes, if that's the case then that should be highlighted in the docs.
We validate that no product informations has been altered.
If so, we simply ignore the order and nothing is charged or processed.
I don't speak Finnish or Russian, but if I was going to offer businesses an ecommerce solution in those countries, I'd be damn sure my copy was grammatically correct.
Not to bust your balls, but we're talking about moving customers' money around - the details matter.