JacksonStorm | Stripe Developers | Page 1

dusk wolfBOT Jan 3, 2023, 9:44 AM

#

lusty gate Jan 3, 2023, 9:44 AM

#

👋 happy to help

#

the client_secret is only used to confirm a Payment/Setup Intent

#

there's no security issue with exposing it on the frontend

brave lava Jan 3, 2023, 9:50 AM

#

Right... Ok.
Is it normal that is exposed?

Any suggestions to hide it?

#

I fear customers will freak out.

lusty gate Jan 3, 2023, 9:50 AM

#

is it being displayed in the UI?

brave lava Jan 3, 2023, 9:51 AM

#

In the URL

#

It's injecting into the confirmation page url

lusty gate Jan 3, 2023, 9:52 AM

#

yes this is expected and there's no risk

brave lava Jan 3, 2023, 9:52 AM

#

Ok... Seems strange.

#

I think my customers will report it as a security error .... "Client secret" doesn't seem expected

lusty gate Jan 3, 2023, 9:57 AM

#

It has been used for quite sometime and no one ever came back with this feedback to be honest

brave lava Jan 3, 2023, 9:57 AM

#

☺️

#

That's good enough for me.

lusty gate Jan 3, 2023, 9:58 AM

#

let me know if you need any more help

brave lava Jan 3, 2023, 9:58 AM

#

Can I share full url with you here so you can eyes over

#

Make sure nothing else random injected?

lusty gate Jan 3, 2023, 9:58 AM

#

yes please do

brave lava Jan 3, 2023, 9:58 AM

#

https://wiseandsilent.com/confirmation.html?payment_intent=pi_3MM4L7DdRcBmDMH40Ov5k2ek&payment_intent_client_secret=pi_3MM4L7DdRcBmDMH40Ov5k2ek_secret_YE8N9WjgWs5TLW6IlFchrQsbG&redirect_status=succeeded

lusty gate Jan 3, 2023, 9:59 AM

#

looks good

brave lava Jan 3, 2023, 9:59 AM

#

Superstar Tarzan.
Made my day.

lusty gate Jan 3, 2023, 9:59 AM

#

let me know if you need any more help

#JacksonStorm