Problem/Motivation

I want to use the Origin check, but when calling back from a payment gateway with 3D Secure it's not possible to know which domain will be the POSTing back to the site. This means I can't whitelist origins.

Proposed resolution

Allow certain paths to be excluded from the Origin check.

Remaining tasks

Patch attached with tests.

User interface changes

Extra field added to seckit admin page.

API changes

n/a

Data model changes

n/a

CommentFileSizeAuthor
origin_exclude_paths.patch6.35 KBandy tawse

Issue fork seckit-3199711

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

Andy Tawse created an issue. See original summary.

joshhytr made their first commit to this issue’s fork.

joshhytr opened merge request !45

joshhytr’s picture

joshhytr commented
Status: Active » Needs review

Hi, I rerolled Andy's patch for version 2.0.3 and opened an MR.

Thanks