• Resolved danielbreves

    (@danielbreves)


    I’m seeing payment failures occasionally due to Stripe Checkout allowing form submission without stripe_source.

    I haven’t been able to reproduce the issue, but I can see the symptoms from the logs. The frontend never POSTs the payment details to get the source from stripe, but still allows the customer to submit the form without it, resulting in a payment failure. From the logs below it seems the ajax call is made a minute earlier, then the form is submitted, which in theory shouldn’t be possible.

    <customer IP> http://www.localseeds.com.au – [16/Aug/2020:22:06:18 +0000] “POST /?wc-ajax=checkout HTTP/1.1” 200 169 “https://www.localseeds.com.au/checkout/&#8221; “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36” | TLSv1.3 | 25.501 25.548 25.547 – D NC:300000 UP:1
    <customer IP> http://www.localseeds.com.au – [16/Aug/2020:22:07:32 +0000] “POST /checkout/ HTTP/1.1” 200 41730 “https://www.localseeds.com.au/checkout/&#8221; “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36” | TLSv1.3 | 2.620 2.658 2.658 – D NC:320000 UP:1

    Expected behavior
    The frontend should post the payment details to stripe to get the source id before submitting the form.

    Environment:
    WordPress Version: 5.5
    WooCommerce Version: 4.4.1
    Stripe Plugin Version: 4.5.2
    Browser [e.g. chrome, safari] and Version
    Any other plugins installed: dokan-lite 3.0.9, SG Optimizer 5.6.5, Hummingbird 2.5.1

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support dougaitken

    (@dougaitken)

    Automattic Happiness Engineer

    Hey @danielbreves

    I’m not 100% following what is happening here.

    The frontend should post the payment details to stripe to get the source id before submitting the form.

    Can you elaborate on this one for me, please? As you mention you’ve not been able to replicate this, until there are steps to replicate this or more details about what is happening, we won’t be able to help much with this.

    Thanks,

    Thread Starter danielbreves

    (@danielbreves)

    Hi @dougaitken,

    The frontend should post the payment details to stripe to get the source id before submitting the form.

    This is how the plugin works with credit cards, is it not? It creates a source via stripe API, adds it to the form as a hidden field, then submits the form: https://github.com/woocommerce/woocommerce-gateway-stripe/blob/master/assets/js/stripe.js#L485-L532

    I can simulate the issue on the server by disabling JavaScript on the browser, but this is not what’s happening for users, since I can see from the logs they’re making an ajax call.

    However, I’d think even in the case of JavaScript being disabled the plugin should not allow Woocommerce to create an order without having payment information.

    Plugin Support dougaitken

    (@dougaitken)

    Automattic Happiness Engineer

    Hey @danielbreves

    On a technical level, I’m not competent with all the coding involved here but on a high level, this isn’t working as expected.

    The frustrating part here is not being able to reproduce it. That is the first step in understanding why this is happening.

    This could be related to caching, or a theme quick on the checkout page, or another plugin but without replicating it we can’t dig in to even conflict test it – https://docs.woocommerce.com/document/how-to-test-for-conflicts/

    One other question to ask – why are you using two optimization plugins?
    SG Optimizer 5.6.5
    Hummingbird 2.5.1

    Unless advised otherwise, I’d suggest disabling one of these.

    I’d love to help more here but until you’re able to replicate this – if you’re able to catch any more details about the failed orders and ask customers for more details about browser used etc, a pattern could emerge from that.

    Thanks,

    Plugin Support AW a11n

    (@slash1andy)

    Automattic Happiness Engineer

    Hey there!

    We haven’t heard back from you in a while, so I’m going to mark this as resolved – if you have any further questions, you can start a new thread.

    Thread Starter danielbreves

    (@danielbreves)

    Just to note that SG Optimizer and Hummingbird have different features and complement each other. Also, Hummingbird detects and handles conflict with SG Optimizer.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Payment failures without stripe source’ is closed to new replies.