Merge pull request #4452 from expsa/ENS-3483

[FIX] applepay_fast_checkout: integrity url
2025-08-31 09:48:17 +03:00 · 2025-08-31 09:48:17 +03:00 · a945dfc9e0
parent bf223c46b7 1cd20d5067
commit a945dfc9e0
1 changed files with 3 additions and 3 deletions
--- a/odex25_donation/applepay_fast_checkout/controllers/main.py
+++ b/odex25_donation/applepay_fast_checkout/controllers/main.py
@ -12,13 +12,13 @@ class ApplePayFastCheckout(Controller):
        acquirer_id = request.env['payment.acquirer'].sudo().search([('provider', '=', 'applepay')], limit=1)

        if acquirer_id.state == 'test':
-            url = "https://eu-test.oppwa.com/v1/paymentWidgets.js"
+            url = "https://eu-test.oppwa.com"
        else:
-            url = "https://eu-prod.oppwa.com/v1/paymentWidgets.js"
+            url = "https://eu-prod.oppwa.com"

        integrity = requests.get(f'{url}/v1/fastcheckout/integrity').json().get('integrity', '')

-        response = request.render("applepay_fast_checkout.apple_pay_iframe", {'hyperpay_src': url, 'merchant_id': acquirer_id.applepay_entity_id, 'nonce': nonce, 'integrity': integrity})
+        response = request.render("applepay_fast_checkout.apple_pay_iframe", {'hyperpay_src': f"{url}/v1/paymentWidgets.js", 'merchant_id': acquirer_id.applepay_entity_id, 'nonce': nonce, 'integrity': integrity})
        response.headers['Content-Security-Policy'] = "script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*; worker-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*;connect-src 'self' https://* wss://*;frame-src 'self' blob: https://*;"

        return response