本文介绍了安全的 PayPal Checkout 客户端?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!


他们声称,通过 paypal 的客户端结帐,您可以简单地将他们的代码放到您的网站(前端)上.然而,从这个例子来看,用户可以修改请求的金额,因为代码在客户端上(从不信任客户端").

With paypal's client side checkout they claim you can simply drop their code onto your site (front end). However, from this example it looks like a user could modify the amount requested because the code is on the client ("Never trust the client").


Is it Possible to secure this or is server side code necessary?


<!DOCTYPE html>

    <!-- Add meta tags for mobile and IE -->
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />

    <!-- Set up a container element for the button -->
    <div id="paypal-button-container"></div>

    <!-- Include the PayPal JavaScript SDK -->
    <script src="https://www.paypal.com/sdk/js?client-id=sb&currency=USD"></script>

        // Render the PayPal button into #paypal-button-container

            // Set up the transaction
            createOrder: function(data, actions) {
                return actions.order.create({
                    purchase_units: [{
                        amount: {
                            value: '0.01'

            // Finalize the transaction
            onApprove: function(data, actions) {
                return actions.order.capture().then(function(details) {
                    // Show a success message to the buyer
                    alert('Transaction completed by ' + details.payer.name.given_name + '!');




Server-side is necessary to secure the amount (as well as the description and any other data you want to specify as part of the transaction)


这篇关于安全的 PayPal Checkout 客户端?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

05-29 12:28