Vulnerability in EPiServer.Forms
I have the following situation: I have products in the checkout phase of my e-commerce website, by default all products may be shipped to a foreign country. But when a product is marked as not shippable to a foreign country (on product level or some other method) then the entire order has to be blocked and the customer needs to be notified. During checkout the (another) country can be selected for shipping.
I have checked the documentation on world and read about shipping gateways, providers and juristictions. But it seems this is just for selecting/providing shipment methods for customers not for blocking an entire order.
I've also looked at customizing order processing and order workflows (https://world.episerver.com/documentation/developer-guides/commerce/workflows-and-activities/Customizing-order-processing-workflow/). But is it possible to notify the customer in this way, in the same session?
Does someone have any advice how to tackle this problem?
Episerver Commerce: 18.104.22.168Episerver Cms: 22.214.171.124
Is it only through the checkout page that this validation needs to occur? If that's the case then I'm unsure if a specific Commerce component is required, in that case I'd say it's simplest to create your own service that checks this requirement based on the information you pass into it through a Cart you're about to turn into a PurchaseOrder. (It will need it's line items set and shipping information set of course).
If it on the other hand needs to be reusable in various parts of your order processing flow, I'd look at creating a new Activity and put it in the relevant workflows. The workflows that I see as applicable are CartValidate (should be called whenever a change to the cart is made) or CartPrepare (should be called just before "accepting" an order).
If you go with the latter approach, the guide that you mentioned should be useful for customizing existing workflows:
( https://world.episerver.com/documentation/developer-guides/commerce/workflows-and-activities/Customizing-order-processing-workflow/ )
To make it simpler, you can download the source code for the workflows through this page.
You'll find workflows for your version under the section "Other code samples:" -> "12.3.1 to 12.5.0"
You can use the workflows source code as a reference point to how your custom workflow should look like as a base so that it's easier to add your custom activity to it where applicable.
Hope this helps!