• Rouslan Solomakhin's avatar
    [Web Payment] Return challenge for secure payment confirmation. · 94339493
    Rouslan Solomakhin authored
    Before this patch, secure payment confirmation method would return the
    signature of the challenge that was generated on the browser using the
    JSON stringification. In order to verify the signature, an issuer would
    have to stringify JSON as well, but that stringification could be
    different from how Chrome did it, thus resulting in a rejected
    transaction.
    
    This patch returns Chrome's stringified JSON challenge along with the
    payment response for secure payment confirmation. The tests to verify
    this behavior revealed that secure payment confirmation app ignored
    price changes in modifiers and show promises, so that bug is fixed here
    as well.
    
    After this patch, the issuer does not need to generate the JSON string
    itself, but instead can verify the values in the JSON string generated
    and returned by Chrome.
    
    Bug: 1123054, 1124747
    Change-Id: I0fa8974411635e406a9d2f253b7061b892e06949
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2388271
    Commit-Queue: Danyao Wang <danyao@chromium.org>
    Reviewed-by: default avatarDanyao Wang <danyao@chromium.org>
    Reviewed-by: default avatarAdam Langley <agl@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#813343}
    94339493
payment_request.h 11.3 KB