- From: Kane York <notifications@github.com>
- Date: Sat, 07 Apr 2018 00:05:53 +0000 (UTC)
- To: w3c/payment-request <payment-request@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Saturday, 7 April 2018 00:06:53 UTC
Going to state the obvious here and mention that either the merchant-website example code should switch on the method name in the `merchantvalidation` event, or the Merchant Server should check the `validationUrl` query parameter against a whitelist -- else you're landing in mandatory server-side request forgery land.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub: https://github.com/w3c/payment-request/issues/646#issuecomment-379415562
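The server-side check suggested in the message above, as an added example that is not part of the original message or of the payment-request specification. The hostnames, the function names and the length limit are assumptions; a real merchant server would list the validation endpoints its payment provider documents.

```javascript
// Added example: allowlist check a merchant server can apply to a
// client-supplied validationUrl before making any outbound request.
// Hostnames are constructed placeholders, not real payment endpoints.
const ALLOWED_VALIDATION_HOSTS = new Set([
  "validation.psp.example",
  "validation-eu.psp.example",
]);

// Returns the normalized URL string to request, or throws an Error.
function checkValidationUrl(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    throw new Error("validationUrl missing or too long");
  }
  let url;
  try {
    url = new URL(raw); // absolute URLs only; relative input throws
  } catch {
    throw new Error("validationUrl is not an absolute URL");
  }
  if (url.protocol !== "https:") throw new Error("scheme not allowed");
  if (url.username !== "" || url.password !== "") {
    throw new Error("userinfo not allowed");
  }
  // The parser drops the default port, so "" means 443 for https.
  if (url.port !== "") throw new Error("non-default port not allowed");
  // Exact match on the parsed, lowercased hostname. No suffix or substring
  // matching, so "validation.psp.example.other.example" does not pass.
  if (!ALLOWED_VALIDATION_HOSTS.has(url.hostname)) {
    throw new Error("host not allowed");
  }
  url.hash = "";
  // Request this normalized string, never the raw input: the check is only
  // meaningful if the HTTP client sees the URL that was checked.
  return url.href;
}

// Boolean wrapper for use in request handlers.
function isAllowedValidationUrl(raw) {
  try {
    checkValidationUrl(raw);
    return true;
  } catch {
    return false;
  }
}
```

The outbound request should also refuse redirects (for example `redirect: "error"` with `fetch`), since a redirect from an allowed host would bypass the check.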