The ACSD-47920 patch fixes the issue where orders can be placed via REST API as a guest user even when the Allow Guest Checkout is turned off. This patch is available when the Quality Patches Tool (QPT) 1.1.24 is installed. The patch ID is ACSD-47920. Please note that the issue is scheduled to be fixed in Adobe Commerce 2.4.6.
The patch is created for Adobe Commerce version:
Compatible with Adobe Commerce versions:
The patch might become applicable to other versions with new Quality Patches Tool releases. To check if the patch is compatible with your Adobe Commerce version, update the
magento/quality-patches package to the latest version and check the compatibility on the QPT landing page. Use the patch ID as a search keyword to locate the patch.
Orders can be placed via Rest API as a guest user even when the Allow Guest Checkout is turned off.
Steps to reproduce:
Guest checkout API returns an error Sorry, guest checkout is not available if Allow Guest Checkout is set to No.
Guest checkout API allows an order to be placed even if Allow Guest Checkout is set to No.
To apply individual patches, use the following links depending on your deployment method:
To learn more about Quality Patches Tool, refer to:
For info about other patches available in QPT, refer to Patches available in QPT in the Quality Patches Tool guide.