castle-applepay-captcha | Stripe Developers | Page 1

sour oakBOT Dec 6, 2022, 4:44 PM

#

clear ferry Dec 6, 2022, 4:45 PM

#

Good question. Checking in to whether we/Apple have recommendations here

random echo Dec 6, 2022, 4:47 PM

#

Thank you! I'd prefer to execute recaptcha in paymentRequest.on('token',handler) but according to the docs you have to be complete with all your requests within 30 secs

south zenith Dec 6, 2022, 5:01 PM

#

castle-applepay-captcha

#

I wouldn't do it in the click handler personally since that can mess with Apple's detection of a "user gesture", even if I assume you'd have another click for the captcha solving.

#

so I'd do it on the token callback, that's where it's "costly" for the attacker anyways since they already passed Apple's UI (which feels less likely already)

random echo Dec 6, 2022, 5:03 PM

#

Ya I agree, and I was just thinking recaptcha tokens expire after two minutes so it'd be better to use at the time of payment confirmation rather than when the Apple Pay UI opens

#

Just nervous about that 30 secs to complete, but there's not really an other option.

south zenith Dec 6, 2022, 5:10 PM

#

are you getting real card testing from Apple Pay tokens? That feels uncommon to me

random echo Dec 6, 2022, 5:14 PM

#

Real card testing, I haven't gotten anywher close to 30 secs but I'm just trying to think about a lot of traffic or bad internet

south zenith Dec 6, 2022, 5:16 PM

#

no I meant real card testing with Apple Pay

random echo Dec 6, 2022, 5:19 PM

#

I am stepping through the full process. I have Apple Wallet enabled and am going to my frontend going through the Apple Pay UI and my card is being tokenized and sent to my backend.

#castle-applepay-captcha