Adyen / adyen-cse-web

[DEPRECATED] Client-side encryption on JavaScript
MIT License

Switching to Secured Fields - Cut-off Date #84

Open e-bacho opened 5 years ago

e-bacho commented 5 years ago

Can you please update the README file to include information regarding support and cut-off dates for existing customers using the CSE WEB library?

What are the implications if we continue using the now deprecated library?

felquis commented 5 years ago

I attended to this case today at the office; here are my final thoughts.

I'm already integrated with Adyen on a web application for 12+ months, but in a dumb way, because only now I understand that the JS context that handles my customer's credit card number must be separated from the JS context that handles my JavaScript application itself. Imagine: any malicious script won't ever have access to the data in that JS context. A comparison is how the codepen.io website works, which runs your code sample and the codepen.io UI in different JS contexts using iframes to avoid any unintentional influence on each other. We want the same with our credit card data; we don't want any unknown JS running in the same context as our precious sensitive data.

[Screenshot attached: 2019-03-16]

Adyen library will replace your inputs with iframes, which sounds scary but is awesome!

So, if you use the "dumb way" you should strongly consider moving to the secured iframe integration, it is that simple:

    var csfSetupObj = {
        rootNode: '.cards-div',
        configObject: {
            originKey: "[ORIGIN KEY]"
        },
        allowedDOMAccess: true // I don't really understand this flag, default is true
    };
    var securedFields = csf(csfSetupObj);

Now explore securedFields and check the onSomething functions; for each credit card form state (card brand, validation of each field, valid card) it will trigger those functions: https://docs.adyen.com/developers/checkout/api-integration/configure-secured-fields/secured-fields-callbacks
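
As an added example (not Adyen's or this repository's code) of the isolation model described in the comment above, this is the host-page side of an iframe-based card form: the host never holds card data and only acts on status messages whose origin and source window it has verified. The field origin, message type names and the frame stand-in object are constructed for the illustration.

```javascript
// Added illustration, not Adyen's code: the host page's side of an iframe-
// isolated card form. The iframe owns the card inputs; the host only receives
// status messages through postMessage and must verify who sent them before
// acting on them. Origin and message names are constructed for the example.
const FIELD_ORIGIN = "https://secured-fields.example.test";
const ALLOWED_TYPES = new Set(["fieldValid", "brandDetected", "encryptedData"]);

// Validate one MessageEvent-like object. Returns the accepted message or null.
function acceptFieldMessage(event, expectedOrigin, expectedSource) {
  if (event.origin !== expectedOrigin) return null;   // foreign or spoofed origin
  if (event.source !== expectedSource) return null;   // not our iframe's window
  const msg = event.data;
  if (!msg || typeof msg !== "object") return null;   // reject strings/null
  if (!ALLOWED_TYPES.has(msg.type)) return null;      // unknown message type
  // The host must never see raw card data, only opaque encrypted values.
  if ("number" in msg || "cvc" in msg) return null;
  return { type: msg.type, payload: msg.payload };
}

// Run a batch of events (as a window "message" listener would see them) and
// keep only those the host is allowed to act on.
function collectAccepted(events, expectedOrigin, expectedSource) {
  return events
    .map((e) => acceptFieldMessage(e, expectedOrigin, expectedSource))
    .filter((m) => m !== null);
}

// Stand-in for iframe.contentWindow; any object with stable identity works.
const ourFrame = { name: "secured-field-frame" };
// Constructed sample events: one genuine, three that must be dropped.
const sampleEvents = [
  { origin: FIELD_ORIGIN, source: ourFrame,
    data: { type: "brandDetected", payload: "visa" } },
  { origin: "https://evil.example.test", source: ourFrame,
    data: { type: "encryptedData", payload: "forged" } },
  { origin: FIELD_ORIGIN, source: { name: "other-frame" },
    data: { type: "fieldValid", payload: true } },
  { origin: FIELD_ORIGIN, source: ourFrame,
    data: { type: "encryptedData", number: "4111111111111111" } },
];

const accepted = collectAccepted(sampleEvents, FIELD_ORIGIN, ourFrame);
```

In a real page `ourFrame` would be `iframe.contentWindow` and `FIELD_ORIGIN` the origin the secured-field iframe is actually served from.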

Trigalti commented 5 years ago

@e-bacho: @felquis explained the benefits really well. There is no real implication when you keep using CSE; be aware, though: our default product is Secured Fields, which is also the product we will push our updates to.

There is no cut-off date in place (we will not just stop processing your payments).

@felquis on the allowedDOMAccess flag: by default Secured Fields is allowed to add the encrypted element to the DOM; a user of CSF must explicitly 'opt out' to prevent this from happening. Thus, there is no need to set it yourself.