Closed TomMeijnaerts closed 1 month ago
Im waiting for this also.
Please note, that inline scripts on the checkout will stop working if they are not rendered with the secure renderer.
More about this here: https://developer.adobe.com/commerce/php/development/security/content-security-policies/#whitelist-an-inline-script-or-style
<script>
require(['buckaroo/mrcash/pay'], function (mrcashPay) {
var transactionKey = "<?= /* @noEscape */ ($block->getTransactionKey()); ?>";
mrcashPay.setTransactionKey(transactionKey);
mrcashPay.showQrCode();
});
cancelPayment = function() {
require(['buckaroo/mrcash/pay'], function (mrcashPay) {
mrcashPay.cancelPayment();
});
}
</script>
This should be either put into a variable or wrapped into ob_start() like this:
<?php
$key = $block->getTransactionKey();
$script = <<<JS
require(['buckaroo/payconiq/pay'], function (payconiqPay) {
var transactionKey = "$key";
payconiqPay.setTransactionKey(transactionKey);
payconiqPay.showQrCode();
});
cancelPayment = function() {
require(['buckaroo/payconiq/pay'], function (payconiqPay) {
payconiqPay.cancelPayment();
});
}
JS;
?>
<?= /* @noEscape */ $secureRenderer->renderTag('script', [], $script, false); ?>
This was recently backported from 2.4.7 to older versions with the latest security patch and is enabled by default. After upgrade to 2.4.5-p8 inline script added in a conventional unsafe way stopped to work.
Could you please provide an update on this ticket? We're experiencing the same problem and would be grateful for any news.
We would like to roll out the update of magento 2.4.7 & php8.3 ... when will this extension have compatibility for those versions ?