Posted on

Magento 2 (My Orders) – Logged in user able to view other users order by passing the order id on the URL

Magento 2 – I’m new to Magento Logged in user is able to view other users orders by changing the order id on the URL. How to restrict this?

Also, I’m showing the CSV option to download the order details next to the view order link on the My orders section by changing the order id users can download the other customer’s orders I want to restrict this? Can anyone help me out here?

Leave a Reply

Your email address will not be published.