Is it safe for the Stripe client_secret to be in the redirect URL?

Sunday, April 16, 2023


I recently noticed this warning while scanning the Stripe documentation:

You can use the client secret to complete the payment process with the amount specified on the PaymentIntent. Don’t log it, embed it in URLs, or expose it to anyone other than the customer. Make sure that you have TLS on any page that includes the client secret.

A web app I run has been appending the client secret along with the payment intent ID to the payment confirmation page (i.e. redirect URL) ever since I first integrated it, without any modification from me as far as I can remember, so I've always assumed the integration was designed to be this way until I read this warning.

Is it safe for the client secret to be in the redirect URL?



source https://stackoverflow.com/questions/76017285/is-it-safe-for-the-stripe-client-secret-to-be-in-the-redirect-url
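
For the "don't log it" part of the warning quoted in the question, here is a log-redaction filter, added as an example; it is not part of the original post and not Stripe's code. It assumes the redirect URL carries the secret in a query parameter named `payment_intent_client_secret` and that the value has the shape `pi_..._secret_...`; the log line, hostnames and IDs are constructed.

```python
import logging
import re

# Assumption: the redirect URL carries the secret in this query parameter.
SECRET_PARAM = re.compile(
    r"(payment_intent_client_secret=)[^&\s\"']+", re.IGNORECASE
)
# Fallback for secrets outside a URL (JSON bodies, debug dumps).
# Assumed value shape: pi_<id>_secret_<random>.
SECRET_VALUE = re.compile(r"\b(pi_[A-Za-z0-9]+)_secret_[A-Za-z0-9]+")


def redact_client_secret(text: str) -> str:
    """Mask the client secret but keep the PaymentIntent ID for debugging."""
    text = SECRET_PARAM.sub(r"\1[REDACTED]", text)
    return SECRET_VALUE.sub(r"\1_secret_[REDACTED]", text)


class ClientSecretFilter(logging.Filter):
    """Attach to a handler so no record leaves the process unredacted."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Format first: the secret may sit in record.args, not record.msg.
        record.msg = redact_client_secret(record.getMessage())
        record.args = ()
        return True


# Constructed access-log line for a confirmation-page request.
SAMPLE_LINE = (
    '203.0.113.7 - - [16/Apr/2023:10:00:00 +0000] "GET /confirm'
    "?payment_intent=pi_CONSTRUCTED123"
    "&payment_intent_client_secret=pi_CONSTRUCTED123_secret_abcDEF456"
    '&redirect_status=succeeded HTTP/1.1" 200 512'
)

if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(ClientSecretFilter())
    log = logging.getLogger("payments")
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    log.info("request: %s", SAMPLE_LINE)
```

The filter only covers logs the application itself writes; reverse proxies, analytics scripts and `Referer` headers sent to third parties see the full URL before this code runs.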
