#the_aligat0r
Bro, common knowledge: in SSL, request and response payloads get encrypted, a middle man attacker can't do anything, so it is safe. CSRF should be handled by yourself btw, because that way there is a possibility a hacker can get something off a customer session when he is logged in. Maybe the token cookie you can make SameSite strict. If you handle that, it's safe.
@dry radish
Hi @hollow plinth yes exactly
That’s what I assumed but our security team is strict so I need to make sure
@hollow plinth is there a way for me to mask the request to Stripe, specifically the card details?
I wouldn't rely on development group or pentesting groups that aren't really certified, because I know from my internships the company's crew are not always the best.
Sorry for being annoying, I don't mean it rudely, but I'm out now.
No there is no way to have these details redacted -- they are safe during transmission. Our security has been PCI certified and we handle all of this data securely.
One addition: if you do what I said, you're pure safe, a leak may only come from your app, not Stripe. If you reconsider or read what I said, you're pretty fine, know it from experience.