160 results found
-
Improve the processing time of Restriction Group Rebuild step
I’m seeing only one CPU core was utilized during the execution of the job Rebuild Search Index. As a result the Restriction Group Rebuild step is very slow, even though there are less than 100 items.
2 votes -
Allow Commerce Search v3 for Local Development
Local debugging for Commerce Search v3 is currently unavailable, and renders the site completely unusable. This is, to put it bluntly, absolutely unacceptable. As far as I can tell, the only workaround presently is to switch to Search v2 for local development. At very least, there should be a way to have the system default to Search v2 when working locally, regardless of what is configured.
1 voteI can confirm that currently Commerce Search v3 does not support Local Development.
- Until local support is available, partners are currently working from Sandbox environments or if working on non search related activities they may be switching to alternative provider while working locally.
While the suggestion to automatically fallback to Search v2 during local development is technically possible, it would mask actual system behavior and could lead to incorrect assumptions, missed issues, or inconsistent environment (sandbox vs local). For that reason, we are unlikely going to implement an automatic fallback to alternative search provider and switching search providers will remain a manual action at this time.
- We fully understand your frustration, and how the inability to debug or run the site locally with Search v3 enabled is a significant disruption.
- We are actively evaluating options to enable limited local development against sandbox instances, and work is underway to determine…
-
We need to be either notified or be able to see the Password re-set e-mails being suppressed in at Optimizely
We need to be either notified or be able to see the Password re-set e-mails being suppressed in at Optimizely
1 vote -
Manage email suppression list
Allow the management of the email suppression list to which email addresses are added after multiple failure to send email.
Currently there is no visibility to this list.3 votes -
Captcha functionality
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
Captcha functionality - when users initially come into the site or users are starting an order or users are entering credit card information
Original request:
Please help with implementing below security features ASAP. There are so many frequent attacks on the website that causes the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we…
4 votesThank you for submitting this request! Our team is currently reviewing if and how we may implement this feature, particularly with consideration of our wide client base. We will provide an update once we have completed this investigation.
-
Enable Cloudflare's leaked credentials detection
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- WAF compromised credentials check
Original request:
Please help with implementing below security features ASAP. There are so many frequent attacks on the website that causes the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we add a rule with rate limiting to block DoS attacks
- Bot Protection - Challenge suspected bots to confirm user…
4 votes -
Bot prevention measures
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- Bot Protection - Challenge suspected bots to confirm user authenticity
- Bot detection with javascript to identify headless browsers
- Any other WAF rules to protect the website from anonymous usage and attacks
Original request:
Please help with implementing below security features ASAP. There are so many frequent attacks on the website that causes the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the…
6 votes -
Website Stability via Rate Limiting
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we add a rule with rate limiting to block DoS attacks
Original request:
Please help with implementing below security features ASAP. There are so many frequent attacks on the website that causes the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of…
4 votes -
Make Wishlist Item Line Note Searchable within the Wishlist Search Bar
Problem Statement:
As a frequent user of Lists within the site, I need to find items based on custom information I have added to the Line Note within the List so that I can be sure I am ordering the proper item.Proposed Solution:
Allow for the user to use the existing search field within Lists to find text within the Line Notes of items in the list. Customers will often put Ordering Details, Stocking Data, or even Custom Part Numbers within that field so they can be clear about what is ordered. But, those notes are not searchable, so…1 voteThank you for submitting this request! We have added this item to our backlog for future consideration and prioritization.
-
Control Panel Scheduler Must take Time Changes into account without re-scheduling jobs twice a year.
1) Goals
• Users can schedule jobs using their local date/time and time zone, and the job will run at the correct absolute instant even across DST and zone changes.
• This must take into account Daylight Savings time changes in the Spring and Fall
• The current Opti control panel only allows one time zone to be used (UTC). Need the ability to handle more than one.
• User should not have to manually re-schedule jobs two times per year when clocks change
• Admins and integrators can display and manage schedules in any time zone, and any time…4 votes -
Reintroduce or Provide Alternative Method to Restrict Access to the Admin Console in Configured Commerce (V3)
As part of our recent internal security audit, we identified a vulnerability related to unrestricted access to the Optimizely Configured Commerce Admin Console.
In the legacy V1 architecture, administrators could restrict Admin Console access by domain or IP range using configuration updates (as described in the Optimizely documentation: https://docs.developers.optimizely.com/configured-commerce/docs/restricting-access-to-admin). However, in the V3 architecture, this capability is no longer supported or configurable within the managed environment.
Our support engagement (Ticket #1788512) confirmed that this feature was not migrated to V3 due to complications with the impersonation feature and has since been deprecated. As a result, customers currently have no…
1 vote -
Disable Weak TLS Cipher Suites (CBC-mode Ciphers) in Managed Commerce Environments
As part of a recent internal and third-party security assessment (conducted by Optiv Security), our organization identified that our Optimizely Configured Commerce production environment (www.whitecap.com) currently supports weak TLS cipher suites, including CBC-mode ciphers.
These ciphers are considered outdated and potentially vulnerable to known cryptographic attacks (e.g., Lucky 13 and BEAST). Security best practices and compliance frameworks (such as PCI DSS, NIST SP 800-52r2, and OWASP guidelines) recommend disabling weak or deprecated cipher suites and enforcing stronger ones such as AES-GCM or CHACHA20_POLY1305 with TLS 1.2+ only.
During our support engagement (Ticket #1789304), the SRE team confirmed that…
1 vote -
Export product list from a category
In PIM: I want to export all products that are assigned in a certain category. For example, I have category A with 300 products, and I want to export these 300 products in category A. As for now, when I'm in category A in PIM and click on "products" I get the listed products assigned to category A, BUT I can't export them in a excel list or other files types.
2 votes -
Many customers change their SKU and it's not really supported in Configured Commerce
We have several client which rename SKUs in their ERP instead of deactivating and create a new one for multiple reasons. Recently one of them ask us to create a "Master UID" for them to map and update our products, but this field is internal only and not visible to the customers, so it's an internal ID used between the ERP, PIM and Configured Commerce to update the product.
Can such a field be added and could be used as an alternate natural key to simplify everything? Seems to us like a common issue.
3 votesThank you for submitting this request! I can confirm that this would be a significant architectural change to implement and is not something we would be able to add to the roadmap at this time.
We can leave this enhancement request open in order to receive related feedback, but we do not have plans to add this feature at this time.
-
Ability to force website users to sign in
When Remember Me/Keep Me Signed In is enabled for the website, and the user selects the Remember Me/Keep Me Signed In option when signing into the Website, there is nothing that forces them to sign in again if their role has been changed. They can return to the website based on their cookies, even though their role has now been changed (example: from Buyer3 to Buyer1). As a result, they can place an order without approval.
Please implement a function to force website users to sign in again when their role has been changed.
5 votes -
Increase job's parameters to nvarchar(max)
Increase job's parameters to nvarchar(max) so we can have larger values such as JSON. We are using custom properties to suit our needs, which is not the best approach.
Tables:
IntegrationJobParameter
JobDefinitionParameter
JobDefinitionStepParameter4 votes -
PIM - History details not shown for latest changes on produts
I'm not able to see the latest change history details for some products.
There are two panels with history lists, one to the left and one in the middle under the "history" tab.The list to the left only shows the latest change on the products but I'm not able to click on it to see the actual change that has been made. I can only see the product status and the date of the change.
On the other hand, the history list in the middle has a drop down where I can click on the different history versions and…
0 votes -
website users filteraccessible fields
We need to show assigned customers and roles as column/exportable fields from the admin console. these fields could be delimited as possible multi value but currently cant access those fields at all without going into each individually
3 votes -
Order checkout rules
We received requests from several customers that their business required users to fulfill certain conditions before they can checkout. For example:
- Minimum order amount.
- Shipping carrier is required.Please implement the capability of creating checkout rules to provide customers with controls over their incoming orders.
2 votesThank you for submitting this request! We have added this item to our backlog for future consideration and prioritization.
If there are more details regarding the desired experience for these storefront customers who do not meet the rules that would also be appreciated.
Would there be a goal to encourage users to shop their MyLists or have selection of recommended products for example or would the desire be to simply disable the ability to checkout with appropriate messaging as to the rule that needs to be met to continue?
-
PIM - User Roles Don't Work
Optimizely confirmed the existing PIM roles do not work but asked me to enter it as feedback instead of a bug. A user must be an Admin to update an image, which is not optimal. There are existing PIM roles with Edit permissions for items and images, but they do not work. Fix the existing roles, or custom roles and permission so a user doesn't have to have full admin authority to edit an image or an item field.
3 votes
- Don't see your idea?