Vulnerability in EPiServer.Forms
I setup the ServiceApi for commerce in order to maintain customer (Organization/Contact) using the endpoint described here Customers' endpoints.
Reading customers works perfect but when trying to write, I face the following issues:
Any clue on what's going wrong ?
On a side note, I find it confusing that I have to use my own Address and Organization classes to have a deserialization working. Why does the Mediachase.Commerce.Customers.Organization and Mediachase.Commerce.Customers.CustomerAddress can be used instead.
Re your second question - try to deserialize those classes and you'll see why. They are complicated and contains unnecessary information that does not fit for ServiceAPI serialization/deserialization.
Re your first question - updating organization is now limited to OrganizationType and OrgCustomerGroup. The other properties are planned to be supported in the future. Perhaps we should be more clear about it.
I just published a blog post of some code I wrote for a couple of other partners if you need to be able to update other properties