search

Worldpay / Worldpay-Magento2-CG

Worldpay Magento 2 Plugin for Worldpay Corporate Gateway
Other
17 stars 35 forks source link

Regarding the "envMode" cookie #123

Open praveen-gopal opened 11 months ago

praveen-gopal commented 11 months ago

Hi Team,

Could you please help me to understand the usage of "envMode" cookie?

From the file below, we found that the envMode cookie is created, but could not find out where it is being used.

Please refer the attached screenshot.

https://github.com/Worldpay/Worldpay-Magento2-CG/blob/master/view/frontend/templates/webpayment.phtml

envMode_cookie

Thanks Praveen

elavarasann commented 11 months ago

Hi Praveen, Thanks for the update, we will check from our side and let you know. Mean while could you please update about the version details of our plugin and Magento that you are using now. And let us know if your are facing any issue because of this.

Thanks & Regards, Elavarasan Natarajan.

praveen-gopal commented 11 months ago

Hi @elavarasann ,

Magento 2.4.5 sapient/module-worldpay : 2.4.5-p10123

Currently we are performing the Qualys scan for our websites and as part of suggestion, we got request to set the httpOnly and secure attributes for envMode cookie, as the attributes are not added.

So, I am trying to understand whether the cookie can be updated or is it required.

elavarasann commented 11 months ago

Hi Praveen,

Basically this cookie was added to detect the env mode like live or test. Based on that we will switch the endpoint of payment gateway URL. But please give me some more time, I will check with my team and confirm about this.

Thanks & Regards, Elavarasan Natarajan.

praveen-gopal commented 11 months ago

OK @elavarasann, Please check and let me know about the cookie details.

praveen-gopal commented 11 months ago

HI @elavarasann , Did you get a chance to check in with your team about the cookie?

elavarasann commented 11 months ago

Hi Praveen, we have checked from our side, the cookie is used in Samsung Pay. If you are removing this cookie then it will affect in Samsung Pay.

praveen-gopal commented 11 months ago

Hi @elavarasann, We are using the worldpay payment, if we remove the "envMode" cookie or add the "secure" attribute to the cookie it will affect any worldpay payment related flow / functionality?

chandan-PS commented 10 months ago

Hi @praveen-gopal , This will only impact Samsung Pay, Payment method and rest all will work smoothly.

We will consider a fix to tis issue in Q1-2024