Hello!
Currently, there is a problem when using Apple Pay in a headless setup. This has been discussed with @boxblinkracer.
When does the issue happen?
Issue Description
In the Apple Pay payment flow, the client has to request a validation first to obtain a payment session. This is triggered by calling the /store-api/mollie/applepay/validate endpoint. In the plugin, this calls the following function: https://github.com/mollie/Shopware6/blob/b2b7361d1df400649a191bf3b62da01a30eb9bff/src/Components/ApplePayDirect/ApplePayDirect.php#L268
In this function, the domain of the Shopware instance is used as the domain that needs to be validated. The problem now is that if the headless domain differs from the domain of the Shopware instance.
Desired functionality
There should be a way to control the domain for which the validation is requested.
Possible solutions
One possible solution would be to allow the headless client to pass another (optional) parameter to the /store-api/mollie/applepay/validate endpoint. The domain that is passed here of course needs to be checked against a whitelist of allowed domains server-side, to ensure that no arbitrary domains can be validated.
Thanks a lot for the great support of Christian and consistently quick responses and fixes from dasistweb :))
Cheers,
Timeo
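A sketch of the server-side allowlist check proposed above, added here as an example and not taken from the Mollie plugin. The function names, their parameters and the sample domains are assumptions; the check accepts only a bare hostname and compares it by exact match.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: reduce client input to a bare lowercase hostname, or null.
function normalizeDomain(string $raw): ?string
{
    $host = strtolower(rtrim(trim($raw), '.'));
    // Reject empty or over-long input before looking at the labels.
    if ($host === '' || strlen($host) > 253) {
        return null;
    }
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    // At least two labels; a scheme, port, path, userinfo or wildcard cannot match.
    return preg_match('/^(?:' . $label . '\.)+' . $label . '$/D', $host) === 1 ? $host : null;
}

// Hypothetical resolver: pick the domain to request Apple Pay validation for.
function resolveValidationDomain(?string $requested, string $shopDomain, array $allowedDomains): string
{
    // Parameter not sent: keep the current behaviour and use the shop's own domain.
    if ($requested === null) {
        return $shopDomain;
    }
    $candidate = normalizeDomain($requested);
    if ($candidate === null) {
        throw new InvalidArgumentException('Malformed validation domain');
    }
    // Exact match only, never suffix or substring matching, so
    // "headless.example.com.other.test" does not pass for "headless.example.com".
    $allowed = array_filter(array_map('normalizeDomain', $allowedDomains));
    if (!in_array($candidate, $allowed, true)) {
        throw new InvalidArgumentException('Validation domain is not allowed');
    }
    return $candidate;
}

// Constructed sample values, for illustration only.
$allow = ['headless.example.com', 'Shop.Example.com.'];
$inputs = [null, 'HEADLESS.example.com', 'https://headless.example.com', 'headless.example.com.other.test'];
foreach ($inputs as $input) {
    try {
        echo var_export($input, true), ' => ', resolveValidationDomain($input, 'shop.example.com', $allow), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo var_export($input, true), ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The allowlist would come from server-side configuration, never from the request itself.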