Closed rootpd closed 1 year ago
It seems that bank expects clientIp to appear in the signature base if it is empty string and not to appear there if it is null. Client->paymentOneClickInit() method expected the $clientIp parameter to be string, but didn't check it or enforce it anyhow. I'll update it so that it won't matter.
The library is trying to sign this payload:
This generates a signature base that includes empty
clientIp
(at the 5th position):Based on the debug headers from CSOB, the actual base for signature was supposed to be: