mollie / Shopware6


Apple Pay Headless - Missing Control over Headless Domain #788

Closed timeo-schmidt closed 1 month ago

timeo-schmidt commented 2 months ago

Hello!

Currently, there is a problem when using Apple Pay in a headless setup. This has been discussed with @boxblinkracer

When does the issue happen?

Issue Description

In the Apple Pay payment flow, the client has to request a validation first to obtain a payment session. This is triggered by calling the /store-api/mollie/applepay/validate endpoint. In the plugin, this calls the following function: https://github.com/mollie/Shopware6/blob/b2b7361d1df400649a191bf3b62da01a30eb9bff/src/Components/ApplePayDirect/ApplePayDirect.php#L268

In this function, the domain of the Shopware instance is used as the domain that needs to be validated. The problem arises if the headless domain differs from the domain of the Shopware instance.

Desired functionality

There should be a way to control the domain for which the validation is requested.

Possible solutions

One possible solution would be to allow the headless client to pass another (optional) parameter to /store-api/mollie/applepay/validate. The domain that is passed here of course needs to be checked against a whitelist of allowed domains server-side, to ensure that arbitrary domains cannot be validated.

Thanks a lot for the great support of Christian and consistently quick responses and fixes from dasistweb :))

Cheers,

Timeo
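The server-side check proposed above, as an added example that is not code from the Mollie plugin: an optional client-supplied domain is reduced to a bare hostname and accepted only if it equals the shop's own domain or an exact entry in a configured allowlist. The class name, the allowlist source and the sample domains are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the Mollie plugin: decide which domain an Apple Pay
// merchant validation may be requested for when a headless client supplies one.
final class ApplePayDomainResolver
{
    private string $shopDomain;
    /** @var string[] */
    private array $allowedDomains;

    // $allowedDomains is assumed to come from plugin configuration (constructed here).
    public function __construct(string $shopDomain, array $allowedDomains)
    {
        $this->shopDomain = self::normalize($shopDomain);
        $this->allowedDomains = array_map([self::class, 'normalize'], $allowedDomains);
    }

    // Returns the domain to validate; throws when the client asks for an unlisted one.
    public function resolve(?string $requested): string
    {
        // No parameter (or an empty one): keep today's behaviour and validate the shop itself.
        if ($requested === null || trim($requested) === '') {
            return $this->shopDomain;
        }
        $host = self::normalize($requested);
        if ($host === '') {
            throw new InvalidArgumentException('Requested domain is not a valid hostname');
        }
        if ($host === $this->shopDomain) {
            return $this->shopDomain;
        }
        // Exact match against the server-side allowlist only: no wildcards, no suffix matching.
        if (!in_array($host, $this->allowedDomains, true)) {
            throw new InvalidArgumentException('Domain is not allowed for Apple Pay validation');
        }
        return $host;
    }

    // Reduce client input to a bare lowercase hostname; anything else collapses to ''.
    private static function normalize(string $value): string
    {
        $value = strtolower(trim($value));
        // Accept a bare host or a full URL, but keep only the host part (drops userinfo, port, path).
        $parts = parse_url(strpos($value, '://') === false ? 'https://' . $value : $value);
        $host = rtrim(is_array($parts) ? ($parts['host'] ?? '') : '', '.');
        return preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/', $host) === 1 ? $host : '';
    }
}

$resolver = new ApplePayDomainResolver('shop.example.com', ['headless.example.com']);
echo $resolver->resolve('https://HEADLESS.example.com/checkout'), PHP_EOL;
```

A request for any host outside the configured list (for example one smuggled in via a userinfo or path segment) is rejected before the validation call to Apple is made.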

boxblinkracer commented 2 months ago

Hi Timeo, perfect, I'll make sure to push it forward internally :)