#jorin-slaybaugh_unexpected

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1405264416831832236

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Below are links to other discussions we've had with you in the past week in case you want to review that information. If your question is related to one of these previous discussions, please provide a comprehensive summary of the current state and what you need help with now. We help many users simultaneously, so a summary allows us to resolve your issue as soon as possible.

• jorin-slaybaugh_unexpected, 1 hour ago, 33 messages

Hi there 👋 no, it isn't in any changelog. It was a bug on our end that verification wasn't being enforced for both domains.

All of our documentation has always instructed to register both domains as far as I can remember.

Interesting. So bug fixes aren't documented in changelogs? Because its a breaking change for our implementation

And also, I still am very confused by your documentation because it specifically says "(except for Safari 17+ when specifying allow="payment" attribute)"

Because the whole reason for that support from apple/safari is for this situation.

You cut out the important part of that excerpt.

When using an iframe, its origin must match the top-level origin (except for Safari 17+ when specifying allow="payment" attribute).

Safari is the only browser that supports cross-domain wallets. So that consideration is telling you that your top and bottom level domains must match for most browsers/integrations, but that customers using Safari 17 or newer do not have that same restriction for using Apple Pay.

EXACTLY!

But it doesn't work!

What doesn't?

The next bullet in that doc still says both domains need to be registered

Our whole issue is that we've embedded our ticket purchase process in an iframe. And apple pay used to work in safari, but it doesn't now

And that's what I'm saying... it appears your documentation confused both you and me

and my belief is that its still accurate since that is the whole reason Apple added that support for Safari

I'm not confused by it, both domains have to be registered.

Then how does safari support cross-domain wallets?

I don't know how Apple built the support on their side, but I know they require the domains both be registered.

There is absolutely no documentation on the Apple site that both domains need to be registered. And this worked until Stripe apparently changed it in April 2024. If Stripe hadn't added that restriction, then this could and should still work

(and I'm still not convinced it changed in April 2024. I think it was much more recently)

It wasn't changed more recently. I saw the PR that changed it, and pushed for this to be fixed personally.

That's how I knew it offhand when my teammate asked me about your thread this morning.

Ok, well, I don't have much of a leg to stand on for arguing the date since I have no proof 🤣

But I still don't understand why the change was made in the first place since there is no requirement from Apple

👋 Jorin I'm stepping in for toby as he needs to step away.

As toby noted I'm not sure of the inner workings of the Apple integration. I know for our integration this indeed is required but yeah can't tell you much more than that.