#brandon_best-practices

little rainBOT
#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1233414055788544010

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

thorny storm
#

I'd avoid logging client secrets as much as possible

#

Security-wise it's really only an issue if someone has access to your server logs and is intent on causing abuse

barren aspen
#

I definitely wouldn't want any of them to be logged, but I'm having a hard time finding an example of the specific use case I described. Do you happen to have any recommendations for how to implement something like this?

thorny storm
#

Idk how your app works, but I would pass something else as a query string. Some ID or data indicating info about the user's session. That way you can pass that data to the backend from the webview and create a payment intent, returning the client secret back to the webview via JavaScript

barren aspen
#

Understood. Maybe a combination of the user ID and a nonce or something

#

I believe it's also possible to execute JavaScript on the page directly from our native wrapper, or possibly even set cookies. Those may be worth exploring too. Thank you!