X
Tap here to go to the mobile version of the site.

Support Forum

Too much security kills functionality.

Posted

Hi there, let me explain my problem.

We need to offer an book to people buying for donation to congress. ( Order form is here: http://christian-heritage.eserbia.org/order )

So, we have page for selecting persons or institution for donation. Buying goes via PayPal. After patron pay books using PayPal we must know whom to donate payed books.

We have tried following: 1. Patron should select person in the page ( http://christian-heritage.eserbia.org/order ) 2. After this he should click on PayPal button "Pay Now" and this click brings user to PayPal. ... and how to record patron's choice in the form ( http://christian-heritage.eserbia.org/order ) ? After one submit form to PayPal, all data about users selections in the form are lost.

Solution was : On click on the button "Pay Now", before submit, collect patron's selections (using JS) and using AJAX post data to php script for saving to database. After this, submit only books quantity to PayPal for buying. And this works in all popular browsers except Firefox (tested in Chrome, IE, Opera and all works fine.)

More details with codes (code is simplified):


$('#beforesend').on('click', function(){

  var data = 'quantity=' + books_qty;
   $('#result li').each(function(ind){

data = data +"&dat[][users choices from form]" });

     ....
      $.ajax({

url: "app/ordering.php", //Record user choices to database. type: 'POST', data: data, dataType: 'text' }).done(function(dat) { console.log(dat); }).fail(function(jqXHR, textStatus) { console.log("Firefox paranoia..."); return false; });

      $('#buy').submit();       // Without this line AJAX works... but  we can't send post to PayPal.
      return true;

}



I can't see security risk if this AJAX post goes to the same domain as script domain.

As I said, this script worked in all tested browsers except Firefox.


Sorry for my not so best English. :(

Best regards.

Hi there, let me explain my problem. We need to offer an book to people buying for donation to congress. ( Order form is here: http://christian-heritage.eserbia.org/order ) So, we have page for selecting persons or institution for donation. Buying goes via PayPal. After patron pay books using PayPal we must know whom to donate payed books. We have tried following: 1. Patron should select person in the page ( http://christian-heritage.eserbia.org/order ) 2. After this he should click on PayPal button "Pay Now" and this click brings user to PayPal. ... and how to record patron's choice in the form ( http://christian-heritage.eserbia.org/order ) ? After one submit form to PayPal, all data about users selections in the form are lost. Solution was : On click on the button "Pay Now", before submit, collect patron's selections (using JS) and using AJAX post data to php script for saving to database. After this, submit only books quantity to PayPal for buying. And this works in all popular browsers except Firefox (tested in Chrome, IE, Opera and all works fine.) More details with codes (code is simplified): ---------------------------------------------------------------------------------------------------------------- $('#beforesend').on('click', function(){ var data = 'quantity=' + books_qty; $('#result li').each(function(ind){ data = data +"&dat[][users choices from form]" }); .... $.ajax({ url: "app/ordering.php", //Record user choices to database. type: 'POST', data: data, dataType: 'text' }).done(function(dat) { console.log(dat); }).fail(function(jqXHR, textStatus) { console.log("Firefox paranoia..."); return false; }); $('#buy').submit(); // Without this line AJAX works... but we can't send post to PayPal. return true; } ------------------------------------------------------------------------------------------------------------------------- I can't see security risk if this AJAX post goes to the same domain as script domain. As I said, this script worked in all tested browsers except Firefox. Sorry for my not so best English. :( Best regards.
Attached screenshots

Chosen solution

Hi jscher2000 thanx for your help.

This info was very useful: "The problem is that Firefox is terminating the AJAX request the instant it is told to leave the page"

Put "$('#ppbutton').click() in the ".done" function." was not worked because script never step into .done, from unknown reason always gone into .fail.

Finally, according to your info, I edited async: true, to async: false, in order to block script to make any further step before finishing ajax, and now all works fine. :)

Thank you very much for help!

Read this answer in context 0

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 10.1.13
  • GEPlugin
  • Google Update
  • Next Generation Java Plug-in 11.31.2 for Mozilla browsers
  • Office Authorization plug-in for NPAPI browsers
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • NVIDIA 3D Vision Streaming plugin for Mozilla browsers
  • NVIDIA 3D Vision plugin for Mozilla browsers
  • Shockwave Flash 17.0 r0
  • Unity Player 4.3.5f1
  • VLC media player Web Plugin

Application

  • Firefox 37.0.1
  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
  • Support URL: https://support.mozilla.org/1/firefox/37.0.1/WINNT/en-US/

Extensions

  • Avast Online Security 10.1.0.170 (wrc@avast.com)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: NVIDIA GeForce GTX 660
  • adapterDescription2:
  • adapterDeviceID: 0x11c0
  • adapterDeviceID2:
  • adapterDrivers: nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um
  • adapterDrivers2:
  • adapterRAM: 2048
  • adapterRAM2:
  • adapterSubsysID: 28711462
  • adapterSubsysID2:
  • adapterVendorID: 0x10de
  • adapterVendorID2:
  • clearTypeParameters: Gamma: 2200 Pixel Structure: R ClearType Level: 100 Enhanced Contrast: 50
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.2.9200.16571
  • driverDate: 2-5-2015
  • driverDate2:
  • driverVersion: 9.18.13.4752
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d 1.1', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (NVIDIA GeForce GTX 660 Direct3D11 vs_5_0 ps_5_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Modified Preferences

Misc

  • User JS: Yes
  • Accessibility: No
jscher2000
  • Top 10 Contributor
8837 solutions 72222 answers

The problem is that Firefox is terminating the AJAX request the instant it is told to leave the page. You can see if you edit id="ppbutton" to id="notppbutton" that the request will complete and show ok in the console. So you should consider not "clicking" the button with your script until you get the response. In other words, try it with the $('#ppbutton').click() in the ".done" function.

The problem is that Firefox is terminating the AJAX request the instant it is told to leave the page. You can see if you edit id="ppbutton" to id="notppbutton" that the request will complete and show ok in the console. So you should consider not "clicking" the button with your script until you get the response. In other words, try it with the $('#ppbutton').click() in the ".done" function.
jscher2000
  • Top 10 Contributor
8837 solutions 72222 answers

Also, please disregard the order for jeff@example.com!

Also, please disregard the order for jeff@example.com!

Chosen Solution

Hi jscher2000 thanx for your help.

This info was very useful: "The problem is that Firefox is terminating the AJAX request the instant it is told to leave the page"

Put "$('#ppbutton').click() in the ".done" function." was not worked because script never step into .done, from unknown reason always gone into .fail.

Finally, according to your info, I edited async: true, to async: false, in order to block script to make any further step before finishing ajax, and now all works fine. :)

Thank you very much for help!

Hi jscher2000 thanx for your help. This info was very useful: "The problem is that Firefox is terminating the AJAX request the instant it is told to leave the page" Put "$('#ppbutton').click() in the ".done" function." was not worked because script never step into .done, from unknown reason always gone into .fail. Finally, according to your info, I edited async: true, to async: false, in order to block script to make any further step before finishing ajax, and now all works fine. :) Thank you very much for help!
jscher2000
  • Top 10 Contributor
8837 solutions 72222 answers

Glad to hear you found an immediate solution.

There is some risk that the async=false will go away. Currently it is "deprecated" so I really don't know how long it will be available. https://developer.mozilla.org/docs/Web/API/XMLHttpRequest#Parameters

It could be that jQuery will work around that kind of future change in Firefox, I don't know, I don't use jQuery.

Glad to hear you found an immediate solution. There is some risk that the async=false will go away. Currently it is "deprecated" so I really don't know how long it will be available. https://developer.mozilla.org/docs/Web/API/XMLHttpRequest#Parameters It could be that jQuery will work around that kind of future change in Firefox, I don't know, I don't use jQuery.