search

krakenjs / post-robot

Cross domain post-messaging on the client side using a simple listener/client pattern.
Apache License 2.0
741 stars 92 forks source link

Issue related to lost lost popup focus and onApprove not calling #96

Closed borodovisin closed 2 years ago

borodovisin commented 2 years ago

Description

This PR contains a fix available in almost all modern browsers using noopener related to the issue reported about the merchant not receiving the onApprove callback after the PayPal checkout process.

Why are we making these changes:

Please refer to these links: JIRA GitHub

Reproduction Steps

On the PayPal smart buttons follow these steps:

  1. Click on the payment button
  2. Click outside anywhere on the page, the popup disappears.
  3. Click on the Click to Continue message on the PayPal modal.
  4. If you log in the communication between the child and parent is broken and the popup is not able to call the onInitor onApprove callbacks.

Explanation

The problem here is how the browser window.open API works. The short history is the open will set interface opener inside the opened URL with the window context where the open API was called. We're using the window.open('', name) to get the focus on the popup. That means will override the opener all the time we use this approach, base on the Browser API description here Window.opener. To avoid this browser behavior we need to pass the noopener windowFeature` as a third param, this guarantees will not modify the original opener interface on the PayPal popup.

bluepnume commented 2 years ago

No major objections. Out of interest, which browsers does this bug happen in?

westeezy commented 2 years ago

Let's plan to cut a release and talk about how we can quickly smoke test in a pre prod env offline. Great find @borodovisin