xendit / xendit-php

Xendit REST API Client for PHP - Card, Virtual Account, Invoice, Disbursement, Recurring Payments, Payout, EWallet, Balance, Retail Outlets Services, xenPlatforms
https://developers.xendit.co/api-reference/
MIT License
156 stars 76 forks source link

Mixed Content issue of payment using DANA #100

Open cierish opened 4 years ago

cierish commented 4 years ago

Hi, we got another problem with DANA payment.

Opening the checkout_url in Android's webview has a mixed content issue.

"Mixed Content: The page at 'https://m.sandbox.dana.id/m/portal/error?errorCode=network&refer=cashierOrder&bizNo=20200923111212800110166922300021127' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://mas-log-sit.58cloud.alipay.net/loggw/webLog.do'. This content should also be served over HTTPS.", source: https://m.sandbox.dana.id/m/portal/1.66.0/app.de976a31d80522ad6685.js

Also, instead of opening the correct url, it will be redirect to a page with error message:

"The network connection is unstable. Please try again later." Error code: network

How should we solve this issue?

Many thanks before.

Cheers, Cherry

slzhffktm commented 4 years ago

Hi Cherry,

Thank you for reaching us out. May I ask you, does this error appear intermittently or constantly? Also, could you share the external id that u used to generate that checkout URL with us? Thank you.

Cheers, Nicholas Wijaya

cierish commented 4 years ago

Hi Nicholas,

Thank you for your prompt reply. Following is the external_id format we use, as requested.

1-117-12800

Here is the full json data: {"external_id":"1-117-12800","amount":24000,"checkout_url":"https:\/\/m.sandbox.dana.id\/m\/portal\/cashier\/checkout?bizNo=20200923111212800110166446600018806&timestamp=1600847394051&mid=216620000000261692328&sign=AHM3GTUKVsdhQp%2BVgNf3ghx%2F4QqZH%2BkDi3TZIZdsjJRnmJWQ6LogEqdGQmin2mkf6VLIstN6j9Ew%2F%2BL7dHW%2FprT1nXHS8edDDP60e4vNOwpbMq8MAMyfIQXJoNV9kCY4ESUjAST%2FH0rRxZ0pHiorNlpsxs9vHR3QfWErlnlsngbZarlilibkSH%2B9Q1QE7uErP2kfIYKWfy7jQwAYxn3A3sUCNaYxvkvtFDJZhWoym4Gbkj976TCkvTHny6WERhrFwBPgCJ%2FzC6no6cV7xIyMx4DRmlqQir%2Blh3tlWKSZLDkIN9J2Z6zEKqySRrtq56FQgRJP1dteyJLDzqXKHrqFGg%3D%3D","ewallet_type":"DANA","code":200}

We also tried to implement: onReceivedSslError android:usesCleartextTraffic="true" android:networkSecurityConfig="@xml/network_security_config"

But, the page in webview remains error.

Many Thanks.

Cheers, Cherry

slzhffktm commented 4 years ago

Hi Cherry,

Sorry, may i know why is the app trying to render this endpoint 'https://m.sandbox.dana.id/m/portal/error?errorCode=network&refer=cashierOrder&bizNo=20200923111212800110166922300021127'?

And maybe you can try to generate a new checkout URL and open it in your browser to see whether it works?

Cheers, Nicholas Wijaya

cierish commented 4 years ago

Hi Nicholas,

The code is opening checkout_url using webview, and the error occured while accessing the page. It seems that the problem while loading a page contains mixed http and https, while the new SDK allows only secure connection.

Opening the url in mobile browser or PC doesn't have any problem at all.

Many thanks.

Cheers, Cherry

slzhffktm commented 4 years ago

Hi Cherry,

Oh so this is purely Android's problem, CMIIW? What's the API version are you targetting in your application? Can you try another solution from this based-on the API targetting https://stackoverflow.com/questions/32155634/android-webview-not-loading-mixed-content, for example try to add webView.getSettings().setMixedContentMode(WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE)

Hopefully this can help to fix the problem. Thank you.

Cheers, Nicholas Wijaya

cierish commented 4 years ago

Hi Nicholas,

Target SDK is set to 29.

We have already tried the solution. We also tried webView.getSettings().setMixedContentMode(WebSettings.MIXED_CONTENT_ALWAYS_ALLOW);

with no success. I think the problem is relevant to the given error http://mas-log-sit.58cloud.alipay.net/loggw/webLog.do? in Dana java script.

Many thanks.

Cheers, Cherry

slzhffktm commented 4 years ago

Hi Cherry,

I am so sorry but we couldn't help you for this because the checkout URL is from Dana. So we do not have control over this and are unable to change it into https.

The best suggestion that we can come up to address this problem is by finding a way to allow the Android WebView to be able to open the mixed/http. I hope that these links be useful for you:

I hope that you can fix your problem as soon as possible.

Thank you, Nicholas Wijaya

cierish commented 4 years ago

Hello, yes we already followed and did the instructions.

We would like to contact DANA support, but we are not their customer, and using Xendit API. I hope that Xendit can contact DANA to clear the url problem.

Many thanks.

Cheers, Cherry

slzhffktm commented 4 years ago

Hi Cherry,

Sure! We have raised this issue to DANA. Please wait for the further update.

Thank you, Nicholas Wijaya

cierish commented 4 years ago

Hi Nicholas,

Alright, many thanks!

Following is a document which may can help: https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content

Many thanks.

Cheers, Cherry