View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004950||Taler||wallet (browser-based)||public||2017-03-11 00:15||2018-03-07 21:39|
|Reporter||Florian Dold||Assigned To||Florian Dold|
|Priority||normal||Severity||text||Reproducibility||have not tried|
|Product Version||SVN HEAD|
|Target Version||0.7||Fixed in Version|
|Summary||0004950: spec and implement asynchronous payment api|
This has the benefit of being more resilient against click jacking.
|Tags||No tags attached.|
Since we can now query the status of a payment (instead of having cookies set on /pay), it is pretty easy to do payments from a Single Page App without destroying state by opening the payment_redirect_url in a new tab/window.
We still might re-add a JS-based API for synchronous payments in the future, since:
* it might provide nicer user experience than opening a tab/window by using browser-specific APIs (such as W3C payment handler/requests)
* the developer experience might be nicer
However in order to implement the latter part, the backend might have to expose APIs to the browser that right now only the frontend server has access to, such as querying the status of a payment (paid, not paid, refunded) based on an order id.
It is probably not desirable to expose such an API to the public by default. Maybe the frontend can proxy these requests to the backend, but then we need to make sure we still have a nice API where we don't need to pass a slew of URLs around.
|2017-03-11 00:15||Florian Dold||New Issue|
|2017-03-14 12:03||Christian Grothoff||Severity||minor => feature|
|2017-03-14 12:04||Christian Grothoff||Status||new => confirmed|
|2017-03-14 12:04||Christian Grothoff||Category||other => wallet (browser-based)|
|2017-03-14 12:04||Christian Grothoff||Product Version||=> SVN HEAD|
|2017-10-23 10:44||Christian Grothoff||Assigned To||=> Florian Dold|
|2017-10-23 10:44||Christian Grothoff||Severity||feature => text|
|2017-10-23 10:44||Christian Grothoff||Status||confirmed => assigned|
|2017-10-23 10:44||Christian Grothoff||Target Version||=> 0.7|
|2018-03-07 21:39||Florian Dold||Note Added: 0012879|