JS code can block the checkout flow [#3567295]

If you set this payment gateway HostedIframe for the custom checkout flow, the flow can be blocked by the JS code because it throws an exception and token and expire values are not provided.
There is a hardcoded class .commerce-checkout-flow-multistep-default which might be missing in the custom checkout flow.
I suggest using just a .commerce-checkout-flow class or refactoring JS code and removing hardcoded class.

diff --git a/js/hosted-iframe.js b/js/hosted-iframe.js
index 726d320..d81c301 100644
--- a/js/hosted-iframe.js
+++ b/js/hosted-iframe.js
@@ -14,7 +14,7 @@
       }

       const form = document.querySelector(
-        '.commerce-checkout-flow-multistep-default',
+        'form.commerce-checkout-flow',
       );
       if (form.classList.contains('hosted-iframe-form')) {
         return;

Issue fork commerce_cardpointe-3567295

Show commands

Start within a Git clone of the project using the version control instructions.

Add & fetch this issue fork’s repository

Or, if you do not have SSH keys set up on git.drupalcode.org:

Add & fetch this issue fork’s repository

3567295-js-code-can changes, plain diff MR !32
Check out this branch for the first time

Check out existing branch, if you already have it locally

About issue forks

Comments

Comment #1

13 January 2026 at 15:48

s_kulyk created an issue. See original summary.

Comment #2

s_kulyk commented 13 January 2026 at 15:52

Issue summary:

View changes

Comment #3

10 February 2026 at 22:30

tomtech made their first commit to this issue’s fork.

Comment #4

10 February 2026 at 22:35

tomtech opened merge request !32

Comment #5

10 February 2026 at 23:58

619fc8dc committed on 1.x

fix: #3567295 JS code can block the checkout flow

By: s_kulyk
By:...

Comment #6

tomtech commented 11 February 2026 at 00:10

Assigned:	Unassigned	» tomtech
Status:	Needs work	» Fixed

@s_kulyk,

Thanks for the report!

This was actually already addressed in 2.x.

I've back ported the same fix. (We are moving toward using data properties, rather than css class names for things like this.)

Comment #7

11 February 2026 at 00:10

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

Comment #8

tomtech commented 11 February 2026 at 00:12

Comment #9

25 February 2026 at 00:14

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

JS code can block the checkout flow

Issue fork commerce_cardpointe-3567295

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

Comment #8

Comment #9

Related issues

News items

Our community

Documentation

Drupal code base

Governance of community