Problem/Motivation
Cybersource changed the way they work with microform, they are doing the change gradually on test enviroments first and when your account changes the microform will not work anymore the way it is on the module now.
https://support.visaacceptance.com/knowledgebase/Knowledgearticle/?code=...
On April 2025 they will change production environment to this new request.
Proposed resolution
As required in the documentation we need to change the way we load the microform JS file to load it from URL that wll be sent from JWT token, in my experiences it works but not if i fully follow the docs because including the crossorigin and integrity attributes will trigger CORS error.
So we can go with a partial solution, but as far as i can see drupal do not let us to have a dynamic library changing it's path based on an logic so we must change it with a hook_library_info_alter but inside this hook i do not have the file path from JWT, so i propose to cache it's value on src/PluginForm/FlexForm.php to use it on the hook.
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | 3494814-cybersource-dynamic-js.patch | 3.4 KB | thiagomoraesp |
Issue fork commerce_cybersource-3494814
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #2
thiagomoraesp commentedHere is a patch for it, i know that it is not the best approach but solves the problem for now.
Comment #3
thiagomoraesp commentedComment #4
thiagomoraesp commentedComment #5
damondt commentedIn practice, currently, the token contains https://flex.cybersource.com/microform/bundle/v2.4.0/flex-microform.min.js which is the same, latest version that the hardcoded https://flex.cybersource.com/microform/bundle/v2/flex-microform.min.js version returns (based on the commenting in that file). But hearing you, would be cool to do the right way.Just read the part about it being deprecated. I wonder if this should be done in Flex::generateKey() where the actual token used is received and returned to FlexForm along with the current variable returned (wrapped in an array or object) and then added to #attached?
Comment #6
jsacksick commentedI think the approach isn't correct here, will work on this.
I think we should add the JS SDK dynamically via Javascript.
Comment #8
jsacksick commentedMerged!