michael3234324_59086 | Stripe Developers | Page 1

rugged doveBOT Feb 26, 2024, 3:38 PM

#

woeful ginkgo Feb 26, 2024, 3:40 PM

#

Hello

#

Yep both are fine and work mostly the same.

#

The only advantage to confirming clinet-side is that 3DS is handled without an extra step.

#

If you confirm server-side and 3DS is required then you need to add a step to then handle 3DS client side

celest mason Feb 26, 2024, 3:43 PM

#

Perfect thanks, can you keep this thread open for the time being? May have a few more questions within the next minutes/hours

woeful ginkgo Feb 26, 2024, 3:48 PM

#

Sure

#

It will stay open for a short bit

#

If it closes, you can always post in the main channel again

celest mason Feb 26, 2024, 3:51 PM

#

Thanks for your quick followup @woeful ginkgo .

I have one followup question.

If I register this test card clientside it is served a captcha - 4000 0000 0000 1208
If I do it server side, there is no captcha
so isn’t server side less secure?

woeful ginkgo Feb 26, 2024, 3:52 PM

#

CAPTCHA can only happen client-side.

#

But it would potentially happen on tokenization.

#

How are you collecting the PaymentMethod when confirming server-side?

celest mason Feb 26, 2024, 3:55 PM

#

I am calling this js function.

https://docs.stripe.com/js/payment_methods/create_payment_method

Stripe JS Reference

woeful ginkgo Feb 26, 2024, 4:02 PM

#

Hmmm where did you get that 4000 0000 0000 1208 card from?

celest mason Feb 26, 2024, 4:03 PM

#

@woeful ginkgo I got it from a Stripe support rep when responding to a ticket regarding testing hcaptcha. I also searched the discord and koopajah referenced it here. #1201926860116860948 message

woeful ginkgo Feb 26, 2024, 4:07 PM

#

And when you confirm via SetupIntent are you using Payment Element?

celest mason Feb 26, 2024, 4:08 PM

#

Sorry can you elaborate? Do you mean when confirming client side or server side?

I am using stripe elements to collect card info on the browser, if thats what youre asking.

woeful ginkgo Feb 26, 2024, 4:11 PM

#

When confirming client-side what Element are you using?

celest mason Feb 26, 2024, 4:13 PM

#

I am mounting card elements to the dom e.g. card-number-element

Then I am confirming using stripes js function here https://docs.stripe.com/js/setup_intents/confirm_setup

Stripe JS Reference

woeful ginkgo Feb 26, 2024, 4:16 PM

#

Gotcha, thanks for clarifying.

#

Let me check with a colleague as I'm surprised CAPTCHA doesn't fire in both instances.

#

Alright so turns out this is expected and it appears that we would only trigger CAPTCHA upon an actual card authentication (which occurs on the confirmation request). So yes, you are right that if you want CAPTCHA here then you would want to use client-side confirmation.

celest mason Feb 26, 2024, 4:27 PM

#

Perfect, thanks for confirming.
Is it in any sense less secure to do server side confirmation then?

woeful ginkgo Feb 26, 2024, 4:28 PM

#

Not less secure, you just open yourself up to card testing a bit more if you confirm server-side since you don't get the advantages of CAPTCHA.

celest mason Feb 26, 2024, 4:33 PM

#

amazing, thanks for the help

woeful ginkgo Feb 26, 2024, 4:37 PM

#

Sure thing

#michael3234324_59086