Skip to content

update: remove redirect_url from ECE payment #4770

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Nov 10, 2025
Merged

update: remove redirect_url from ECE payment #4770

merged 5 commits into from
Nov 10, 2025

Conversation

@frosso
Copy link
Contributor

@frosso frosso commented Nov 7, 2025
edited
Loading

Fixes STRIPE-799

Changes proposed in this Pull Request:

Discussed here: p1762519898532299-slack-C055WHLA98D
There are some concerns that the redirect_url parameter provided to the ECE payment flow might not be safely stripped.
After testing and consulting the Stripe docs, it looks like it might not be needed.

Testing instructions

  • Allow your site to use Amazon Pay with wp option update _wcstripe_feature_amazon_pay yes
  • Navigate to WooCommerce > Settings > Payments > Stripe
  • Scroll down to the "Express checkouts" section
  • Enable Amazon Pay
  • Save
  • Click "Customize" on Amazon Pay
  • Ensure it's enabled on Checkout, Cart, & Product Page locations
  • As a customer, add a product to the cart (or attempt the checkout from the product page)
  • Navigate to the Cart or Checkout pages
  • Click on the Amazon Pay button
  • If you don't have an account, create one (you can't login with your "real" Amazon account)
  • Fill in the details, such as address & payment information
  • Pay
  • You should be redirected to the "Order received" page
  • Covered with tests (or have a good reason not to test in description ☝️)
  • Tested on mobile (or does not apply)

Changelog entry

  • This Pull Request does not require a changelog entry. (Comment required below)
Changelog Entry Comment

Comment

Post merge

@frosso frosso marked this pull request as ready for review November 7, 2025 14:52
@frosso frosso self-assigned this Nov 7, 2025
@frosso frosso added the type: enhancement The issue is a request for an enhancement / Feature Request label Nov 7, 2025
@frosso frosso requested review from a team, daledupreez and wjrosa and removed request for a team November 7, 2025 14:58
wjrosa
wjrosa approved these changes Nov 7, 2025
View reviewed changes
Copy link
Contributor

@wjrosa wjrosa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me 👍

daledupreez
daledupreez approved these changes Nov 10, 2025
View reviewed changes
Copy link
Contributor

@daledupreez daledupreez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is working nicely! Thanks for the fix! I do have some comments about the changelog entry, but they're not blocking.

@frosso @daledupreez
Update changelog.txt
4ed690f 
Co-authored-by: daledupreez <[email protected]>
frosso
frosso commented Nov 10, 2025
View reviewed changes
@frosso frosso enabled auto-merge (squash) November 10, 2025 07:52
@frosso frosso merged commit 6a7fafc into develop Nov 10, 2025
40 checks passed
@frosso frosso deleted the update/remove-redirect_url-from-ece branch November 10, 2025 08:46
@frosso frosso mentioned this pull request Nov 10, 2025
Merged
6 tasks
@daledupreez daledupreez added this to the 10.1.0 milestone Nov 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@daledupreez daledupreez daledupreez approved these changes

@wjrosa wjrosa wjrosa approved these changes

Assignees

@frosso frosso

Labels

type: enhancement The issue is a request for an enhancement / Feature Request

Projects

None yet

Milestone

10.1.0

Development

Successfully merging this pull request may close these issues.

4 participants

@frosso @daledupreez @wjrosa