Cannot save Stripe keys on a site with HTTP only

[strategio]

On https://wordpress.org/support/topic/cannot-save-stripe-keys-on-a-site-with-http-only/, I was asked to post my report here.

Describe the bug Cannot save Stripe keys on a site with HTTP only

To Reproduce Steps to reproduce the behavior:

1. Site with HTTP only
2. Setup WooCommerce
3. Activate WooCommerce Stripe Payment Gateway
4. Setup the Stripe payment (note: in HTTP only, it shows a button “Enter account keys (advanced)”)
5. Click on “Enter account keys (advanced)” and fill the public and private key (we did it on the “Test” tab)
6. Click on “Save test keys”

=> You get an error notice “Error saving account keys”.

Expected behavior The keys should be saved (and the modal should close).

Environment (please complete the following information):

• WordPress Version: latest (6.4.3)
• WooCommerce Version: latest (8.6.1)
• Stripe Plugin Version: lastest (8.0.0)
• Browser [e.g. chrome, safari] and Version: Chrome 122

Additional context

And we have several debug.log entries:

[01-Mar-2024 12:02:37 UTC] PHP Notice:  Undefined index: publishable_key in /shared/httpd/wpml/htdocs/wp-content/plugins/woocommerce-gateway-stripe/includes/admin/class-wc-rest-stripe-account-keys-controller.php on line 240
[01-Mar-2024 12:02:37 UTC] PHP Notice:  Undefined index: secret_key in /shared/httpd/wpml/htdocs/wp-content/plugins/woocommerce-gateway-stripe/includes/admin/class-wc-rest-stripe-account-keys-controller.php on line 241
[01-Mar-2024 12:02:37 UTC] PHP Notice:  Undefined index: test_publishable_key in /shared/httpd/wpml/htdocs/wp-content/plugins/woocommerce-gateway-stripe/includes/admin/class-wc-rest-stripe-account-keys-controller.php on line 242
[01-Mar-2024 12:02:37 UTC] PHP Notice:  Undefined index: test_secret_key in /shared/httpd/wpml/htdocs/wp-content/plugins/woocommerce-gateway-stripe/includes/admin/class-wc-rest-stripe-account-keys-controller.php on line 243
[01-Mar-2024 12:02:37 UTC] PHP Notice:  Undefined index: testmode in /shared/httpd/wpml/htdocs/wp-content/plugins/woocommerce-gateway-stripe/includes/admin/class-wc-rest-stripe-account-keys-controller.php on line 247

Note that when I downgrade to version 7.9.3, I manage to save the keys even though I have several entries in debug.log which is probably the reason of this other report https://wordpress.org/support/topic/cannot-save-settings-26/ (some newer PHP version might be less fault-tolerant).

Note 1: With HTTPS, we have a different GUI workflow. Note 2: This problem was caught on an automated E2E test which started to fail due to this new version 8.0.0 (it’s a regression).

[strategio]

Any news?

[galbaras]

Just for context, why do you use plain HTTP in the days of free SSL certificates, particularly on a site that takes payments?

[strategio]

@galbaras, as mentioned in the description, this issue was caught in an automated end-to-end tests where we don't use HTTPS.

[galbaras]

My sites redirects everything to HTTPS URLs, so this never happens on them. I'm sure your web server can handle this, but there are also WordPress plugins that facilitate it.

[github-actions[bot]]

Hi, This issue has gone 150 days (5 months) without any activity. This means it is time for a check-in to make sure it is still relevant. If you are still experiencing this issue with the latest version, you can help the project by responding to confirm the problem and by providing any updated reproduction steps. Thanks for helping out.