#john_stripejs-localhost
This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1287887581199077406
Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.
- just-john_docs, 3 days ago, 23 messages
- just-john_docs, 6 days ago, 28 messages
This is an update to my question Friday (3 days ago). The difference is that I've added the PaymentIntent ID that the team said was needed to get an answer.
Yes, that was discussed in the previous thread. The keys were not set up by me and I didn't double check them. My apologies. That will be fixed.
I would still like to know how the tx went through without https and whether I was understanding the docs correctly. Thanks!
Got it
Give me a few more minutes please
Okay, in this case it looks like we don't enforce this on localhost (which is where you were testing)
Yes, that's correct. Is that the expected behavior?
If so, could you mention it in the documentation?
It's expected, but we don't plan to document it, no. No one should rely on this in production; it's just a quirk to make it easy to test things, it's not something to use in production.
How is someone to know that http doesn't prevent a transaction on local if the docs say otherwise though?
I'm aware that using the correct keys would prevent it, but surely other people have been in my shoes where the wrong keys were already there and they assumed that it was safe to test based on that line in the docs. I expect it won't be the last either.
There's a clear warning in the console that indicates you have to use HTTPS. It's not perfect for sure, but it does work quite well.
https://docs.stripe.com/security/guide#validating-pci-compliance clearly says HTTPS is required too. I don't think a callout about localhost is going to help most developers who hit this edge-case.
That actually reinforces my point. It says you have to use https, but you don't. http goes through just fine.
Sounds good, I'll flag to the team for consideration! Do you have any other questions?
Nope, that's it. Thank you!