I'm using DotNetKit 1.2.6.5 and SagePayIntegration.Validation() is rejecting a customer email that uses the new .online domain (eg: foo#bar.online) with
CustomerEMail is invalid.
Is this fixed in 1.2.6.7 or is the source code for SagePay.IntegrationKit.DotNet.dll available somewhere so I can fix it?
Despite access to the source code (many thanks to #DavidG) SagePay Support have confirmed that the actual Gateway does not support all these new domains - so even if I modified the DotNetKit it would still be rejected by the Gateway.
SagePay support were very helpful but ultimately the
"... email domain foo#bar.online is not yet supported on our gateway.
We run development sprints continuously and although there are some
domains we may not yet support, we look to in future, dependent on
impact and demand..."
The SagePay Integration Kit uses this regex to validate email addresses:
[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+)*#(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+(?:[a-zA-Z]{2,4})\b
Which does unfortunately not allow extra long TLDs. Fortunately I have the source code for the kit and I've added it to my GitHub account (along with a bug fix which is why I had to get it in the first place as SagePay are not updating it). You can find it here:
https://github.com/WiredUK/SagePay.IntegrationKit
And the Regex you need to edit is this file:
https://github.com/WiredUK/SagePay.IntegrationKit/blob/801f61cf965c391a98a025aa632949719084cef0/ApiRegex.cs
For info, you need to edit the very last part of the expression from 2,4 (which matches 2 to 4 characters in the TLD) to allow more, for example 2,30.
Edit: And just because I can, I opened an issue and fixed it.
Related
Our site uses a content security policy with Braintree's implementation of 3D Secure.
There are multiple calls made by songbird.js (CardinalCommerce implementation of 3D Secure used by Braintree) to third party sites (such as kg668dbov0.execute-api.us-east-1.amazonaws.com, touchtechpayments.com, or arcot.com) which are not documented in the CSP requirements outlined by Braintree here https://braintree.github.io/braintree-web/current/.
These calls to third party sites don't seem to be documented anywhere on the web either, and seem to change at random. Every time there is an undocumented change it breaks our 3DS integration (iFrame doesn't load as the undocumented url is blocked by the CSP).
The urls seem to vary based on the card used (touchtechpayments.com seems to be the Revolut one, arcot.com seems to be HSBC), and I can see a couple others for French banks in our CSP violation report: https://bred.wlp-acs.com for Bred, https://bnpp-3ds.wlp-acs.com for BNP Paribas).
Does anyone know where I can find an up to date list of the content security policy requirements for songbird.js ?
I've created an issue on the braintree github page:
https://github.com/braintree/braintree-web/issues/497
My list so far:
3ds-secure.cardcomplete.com
ecclients.btrl.ro
bofp.erstebank.hu
www.clicksafe.lloydstsb.com
pay.activa-card.com
3dsecure-1.wirecard.com
3dsecure-2.wirecard.com
acssv.otpbank.hu
acs.sia.eu
idcheck.acs.touchtechpayments.com
sicher-bezahlen.sparkasse.at
secure5.arcot.com
I'm running OpenBD CFML isValid('email','something#whatever.education') and my result is 'NO'.
.education is a valid domain - why does this fail?
It turns out to be an issue with the regex used behind the scenes to match valid domains.
The regex in place didn't account for domains as long as "education".
I fixed it and it's been merged, should be in the nightly by now, grab the latest update and you should be able to use isValid("email", "AwesomeEmail#School.education") just fine. Viva la open source.
I'm having some trouble with the GCP console, hopefully someone can point me in the right direction.
A couple of days ago I generated some API Keys and was able to restrict their validity scope by target API. The form looked like this, and I was able to restrict keys to apply on my GAE private APIs only:
whereas today the righthand side tab has disappeared on me and I can only apply "Application restrictions" (IP range, referrer, etc..) and I can see merely the following menu.
I was and still am the owner of the project, and I'm not aware of any change in roles/project config/etc.. (although I can't 100% rule them out)
There is next to zero documentation about the mysterious "API restrictions" tab. Hope someone can help.
Many thanks in advance
F
This feature has been removed temporarly because was causing issues with the Google Maps API.
API already created making use of these restriction will not work and the workaround is to remove them and recreate them with no restriction.
https://issuetracker.google.com/issues/69715011
Please star the bug to add your vote and subscribe to notifications from Google. Hopefully they will fix the issue soon.
I've done this before but can't remember how to do this anymore.
Let's say I have a JIRA issue# 967 open.
I'm emailing a couple of people with comments on this issue using my Outlook email.
What do I need to do so that this comment automatically gets added as part of the JIRA issue?
See the Atlassian documentation here. Replace JIRA in the URL with the version number you're on if you are using an older version, e.g. JIRA044
Please make sure you're following the guides that fits your Jira version, there is a page for each version. Follow this guide to set up issue and comments creation via email.
Basically you need to :
Configure mail server - use your exchange server or external service as Google.
Configure a mail handler - probably you will want to use one of Jira's built-in mail handlers.
Important notes-
To create a comment for isser key TEST-123 the email's subject has to contain the issue key, e.g. Subject: Re: TEST-123 updates.
Emails without subject line won't be processed.
read this for more tips.
Can I get a sample PHP code example which calls SmartyStreets LiveAddress API for address validation?
Sure -- we have sample code at our GitHub repository. There's 3 examples there:
A request to our API using cURL (can handle many addresses at once)
A GET request. Easy, but only supports one address per request
A "SLAP" (Single-Line Address Processing) example which shows how to verify an address if it's not already split into components like street, city, state, etc.
If you have any further questions, I'd be happy to help; I wrote these examples.
If you are developing SmartyStreet code on a test system that doesn't have a secure certificate, you can add this line to disable the certificate test:
if ($bTestSystem) curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
Smarty streets uses the same approach as many other solutions. The user enters an Address and then a lookup is performed and if the address is not found the user is presented a list of valid addresses to select. This is a slower approach that may not be ideal.
A newer approach that may be a better option comes from Addrexx. The Addrexx solutions allows users to autoselect their information from dropdown lists. This speeds the process on entering personal information. Full disclosure: I am a developer at Addrexx. Addrexx is a SaaS that includes complete integration packages for salesforce, magento, big commerce and many more platforms.
You can see the Addrexx approach at http://addrexx.com/ecommerce.html.