საიტის გასაუმჯობესებელი სამუშაოების მიმდინარეობისას, შესაძლებლობების ნაწილი შეიზღუდება. თუ სტატიით ვერ მოახერხებ ხარვეზის გამოსწორება და შეკითხვის დასმა გსურთ, ჩვენი მხარდაჭერის გუნდი დაგეხმარებათ @FirefoxSupport გვერდის მეშვეობით Twitter-ზე და /r/firefox განყოფილებაში Reddit-ზე.

ძიება მხარდაჭერაში

ნუ გაებმებით თაღლითების მახეში მხარდაჭერის საიტზე. აქ არასდროს მოგთხოვენ სატელეფონო ნომერზე დარეკვას, შეტყობინების გამოგზავნას ან პირადი მონაცემების გაზიარებას. გთხოვთ, გვაცნობოთ რამე საეჭვოს შემჩნევისას „დარღვევაზე მოხსენების“ მეშვეობით.

ვრცლად

Too much security kills functionality.

  • 4 პასუხი
  • 1 მომხმარებელი წააწყდა მსგავს სიძნელეს
  • 6 ნახვა
  • ბოლოს გამოეხმაურა jscher2000 - Support Volunteer

Hi there, let me explain my problem.

We need to offer an book to people buying for donation to congress. ( Order form is here: http://christian-heritage.eserbia.org/order )

So, we have page for selecting persons or institution for donation. Buying goes via PayPal. After patron pay books using PayPal we must know whom to donate payed books.

We have tried following: 1. Patron should select person in the page ( http://christian-heritage.eserbia.org/order ) 2. After this he should click on PayPal button "Pay Now" and this click brings user to PayPal. ... and how to record patron's choice in the form ( http://christian-heritage.eserbia.org/order ) ? After one submit form to PayPal, all data about users selections in the form are lost.

Solution was : On click on the button "Pay Now", before submit, collect patron's selections (using JS) and using AJAX post data to php script for saving to database. After this, submit only books quantity to PayPal for buying. And this works in all popular browsers except Firefox (tested in Chrome, IE, Opera and all works fine.)

More details with codes (code is simplified):


$('#beforesend').on('click', function(){

  var data = 'quantity=' + books_qty;
   $('#result li').each(function(ind){

data = data +"&dat[][users choices from form]" });

     ....
      $.ajax({

url: "app/ordering.php", //Record user choices to database. type: 'POST', data: data, dataType: 'text' }).done(function(dat) { console.log(dat); }).fail(function(jqXHR, textStatus) { console.log("Firefox paranoia..."); return false; });

      $('#buy').submit();       // Without this line AJAX works... but  we can't send post to PayPal.
      return true;

}



I can't see security risk if this AJAX post goes to the same domain as script domain.

As I said, this script worked in all tested browsers except Firefox.


Sorry for my not so best English. :(

Best regards.

Hi there, let me explain my problem. We need to offer an book to people buying for donation to congress. ( Order form is here: http://christian-heritage.eserbia.org/order ) So, we have page for selecting persons or institution for donation. Buying goes via PayPal. After patron pay books using PayPal we must know whom to donate payed books. We have tried following: 1. Patron should select person in the page ( http://christian-heritage.eserbia.org/order ) 2. After this he should click on PayPal button "Pay Now" and this click brings user to PayPal. ... and how to record patron's choice in the form ( http://christian-heritage.eserbia.org/order ) ? After one submit form to PayPal, all data about users selections in the form are lost. Solution was : On click on the button "Pay Now", before submit, collect patron's selections (using JS) and using AJAX post data to php script for saving to database. After this, submit only books quantity to PayPal for buying. And this works in all popular browsers except Firefox (tested in Chrome, IE, Opera and all works fine.) More details with codes (code is simplified): ---------------------------------------------------------------------------------------------------------------- $('#beforesend').on('click', function(){ var data = 'quantity=' + books_qty; $('#result li').each(function(ind){ data = data +"&dat[][users choices from form]" }); .... $.ajax({ url: "app/ordering.php", //Record user choices to database. type: 'POST', data: data, dataType: 'text' }).done(function(dat) { console.log(dat); }).fail(function(jqXHR, textStatus) { console.log("Firefox paranoia..."); return false; }); $('#buy').submit(); // Without this line AJAX works... but we can't send post to PayPal. return true; } ------------------------------------------------------------------------------------------------------------------------- I can't see security risk if this AJAX post goes to the same domain as script domain. As I said, this script worked in all tested browsers except Firefox. Sorry for my not so best English. :( Best regards.
მიმაგრებული ეკრანის სურათები

გადაწყვეტა შერჩეულია

Hi jscher2000 thanx for your help.

This info was very useful: "The problem is that Firefox is terminating the AJAX request the instant it is told to leave the page"

Put "$('#ppbutton').click() in the ".done" function." was not worked because script never step into .done, from unknown reason always gone into .fail.

Finally, according to your info, I edited async: true, to async: false, in order to block script to make any further step before finishing ajax, and now all works fine. :)

Thank you very much for help!

პასუხის ნახვა სრულად 👍 0

ყველა პასუხი (4)

The problem is that Firefox is terminating the AJAX request the instant it is told to leave the page. You can see if you edit id="ppbutton" to id="notppbutton" that the request will complete and show ok in the console. So you should consider not "clicking" the button with your script until you get the response. In other words, try it with the $('#ppbutton').click() in the ".done" function.

Also, please disregard the order for jeff@example.com!

შერჩეული გადაწყვეტა

Hi jscher2000 thanx for your help.

This info was very useful: "The problem is that Firefox is terminating the AJAX request the instant it is told to leave the page"

Put "$('#ppbutton').click() in the ".done" function." was not worked because script never step into .done, from unknown reason always gone into .fail.

Finally, according to your info, I edited async: true, to async: false, in order to block script to make any further step before finishing ajax, and now all works fine. :)

Thank you very much for help!

Glad to hear you found an immediate solution.

There is some risk that the async=false will go away. Currently it is "deprecated" so I really don't know how long it will be available. https://developer.mozilla.org/docs/Web/API/XMLHttpRequest#Parameters

It could be that jQuery will work around that kind of future change in Firefox, I don't know, I don't use jQuery.