-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Simulating on-site payment with an iframe #17
Comments
This should be possible once the changes discussed to fix #35 are implemented. |
The only issue with spoofing on-site payments is the lack of SSL and green bar in the address bar. By redirecting to PayPal, for instance, the user gets reassured that they are on a secure and trusted site when entering their payment details. Not saying that it shouldn't be built in to the module, just that it I would argue it would have to be a config option rather than the default behaviour. |
@jameshoward Yes, I agree with your concerns about not showing SSL/green in address bar. Showing the gateway site within an iframe isn't planned to be the default behaviour, and yes should be enabled via config - perhaps on a per-gateway basis. Adding a SSL cert to the merchant site might help alleviate the address bar concerns. |
I think this approach is destined to fail because of security standards. |
A trick to simulate an on-site payment form is to display the external payment form inside an iframe.
It would be good to provide either tools, or instructions on how to achieve this.
The text was updated successfully, but these errors were encountered: