-
Rouslan Solomakhin authored
Before this patch, secure payment confirmation method would return the signature of the challenge that was generated on the browser using the JSON stringification. In order to verify the signature, an issuer would have to stringify JSON as well, but that stringification could be different from how Chrome did it, thus resulting in a rejected transaction. This patch returns Chrome's stringified JSON challenge along with the payment response for secure payment confirmation. The tests to verify this behavior revealed that secure payment confirmation app ignored price changes in modifiers and show promises, so that bug is fixed here as well. After this patch, the issuer does not need to generate the JSON string itself, but instead can verify the values in the JSON string generated and returned by Chrome. Bug: 1123054, 1124747 Change-Id: I0fa8974411635e406a9d2f253b7061b892e06949 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2388271 Commit-Queue: Danyao Wang <danyao@chromium.org> Reviewed-by:
Danyao Wang <danyao@chromium.org> Reviewed-by:
Adam Langley <agl@chromium.org> Cr-Commit-Position: refs/heads/master@{#813343}
94339493
