Are there any plugins for WooCommerce to integrate with Stripe that do not require the web server to be able to initiate connections (eg to api.stripe.com)?
For security reasons, my server’s firewall blocks my web server (apache) from initiating outgoing connections. This is further reinforced by the following line in wp-config.php
> define( ‘WP_HTTP_BLOCK_EXTERNAL’, true );
As such, the above makes wordpress deny plugins’ calls to wp_remote_get() fail (via block_request() returning true). For example, wordpress will not allow WooCommerce to call-home to woocommerce.com. And wordpress will not allow “WooCommerce Stripe Payment Gateway” to call-home to api.stripe.com. Even if that failed, the firewall would drop it (and it would timeout). Most importantly, this means that Mallory will not be able to call-home to evil-c2.xyz if there’s a 0day in wordpress or one of my themes/plugins.
WooCommerce works fine with this setting, as it’s not actually necessary for my web server to initiate connections to woocommerce.com
I also accept payments in cryptocurrencies on my WooCommerce site, and that also works fine with these settings – as it sends the *user’s* browser to the payment processor’s website — rather than trying to have my server initiate the connection.
Note that my web server of course allows incoming connections, so web hooks from stripe to my server should work fine. I just block *outgoing* connections, for security reasons.
After installing and configuring the “WooCommerce Stripe Payment Gateway” plugin, I get this error on checkout
> There was a problem connecting to the Stripe API endpoint.
The error occurs after my server’s PHP tries (and fails) to reach the following locations:
In both cases, wordpress blocked the call by returning true in block_request()
So it appears that, maybe, the “WooCommerce Stripe Payment Gateway” is poorly designed such that the web server must communicate to api.stripe.com, rather than just having the user finish their checkout at stripe.com.
I would expect there to be a WooCommrce plugin for Stripe integration where communication with stripe.com be initiated by the client’s web browser, not my web server.
My question is: are there any plugins for WooCommerce that integrate with Stripe that work when the server’s firewall blocks outgoing requests – where:
1. The communication happens between the customer and Stripe via the customer’s web browser and
2. The communication happens between Stripe and my web server via Stripe communication to my server via web hooks?
- The topic ‘Stripe Integration without needing server communication to stripe.com (firewall)’ is closed to new replies.