I've been playing with Stripe, and while I understand the token hides the client's credit card details from the server, the tutorial suggests the server should not rely on data-amount since it can be changed by the client:

"Don't rely on the form's price. A frequent mistake stems from using form data to contain the price of the product being purchased, possibly via a hidden input. Because a user can edit the input's value, it's unwise to depend on it. Fetch the price of the product server-side. Never rely on the form to tell you. A simple database query is the preferred option."

Can anyone explain why Stripe does not include the data-amount value as a parameter in token generation? Is there not potential for server-side code to change the agreed price and overcharge the client?
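The token is a placeholder for the pending charge; it does not know how you are going to charge it yet. Once you are ready to charge the card, an API request is sent to Stripe along with the token. The concern about the amount deals with relying on POST data from a form, which can be manipulated by the customer.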
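The server-side lookup the tutorial recommends, as an added example that is not from the original post or from Stripe: the handler takes only the token and a product id from the POSTed form, reads the price with a database query, and flags a submitted amount that disagrees with it. The table, the column names, the `product_id` and `amount` form fields and all sample values are assumptions constructed for this sketch; the returned dict is what would be passed to the charge request.

```python
import sqlite3


def make_catalog():
    """Constructed in-memory product table standing in for the shop database."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE products (id TEXT PRIMARY KEY, price_cents INTEGER, currency TEXT)"
    )
    db.execute("INSERT INTO products VALUES ('sku_tshirt', 2000, 'usd')")
    return db


def build_charge_params(db, form):
    """Return (charge_params, tampered) for a POSTed checkout form.

    The amount is never read from the form for charging. It is only
    compared against the server-side price so a mismatch can be logged.
    """
    token = form.get("stripeToken")
    if not token:
        raise ValueError("missing card token")

    row = db.execute(
        "SELECT price_cents, currency FROM products WHERE id = ?",
        (form.get("product_id", ""),),
    ).fetchone()
    if row is None:
        raise ValueError("unknown product")
    price_cents, currency = row

    # Form values arrive as strings; a differing amount means the
    # client-side value was edited or is stale.
    submitted = form.get("amount")
    tampered = submitted is not None and submitted != str(price_cents)

    params = {"amount": price_cents, "currency": currency, "source": token}
    return params, tampered


if __name__ == "__main__":
    # Constructed request: the hidden amount field was edited to 1 cent.
    form = {"stripeToken": "tok_constructed", "product_id": "sku_tshirt", "amount": "1"}
    print(build_charge_params(make_catalog(), form))
```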