-
Notifications
You must be signed in to change notification settings - Fork 308
Conversation
I wonder if a self-signed certificate would work? |
I am unable to create a self-signedcertificate that works for me, but I think that's beside the point. The behavior is the same, even with suggested changes: No autofill message comes up until typing at least two numbers and then hitting backspace. I will research further. |
Aha! If I disable Javascript, it wakes right up (previously noted). |
Cf. http://stackoverflow.com/questions/7248488/what-would-cause-chrome-autofill-to-stop-working Hmmmm, related? We're using Braintree's validation in Or as simple as not working at all for Braintree? Credit Card Autofill Does Not Work. |
Doesn't seem related to the ZIP and hidden Braintree fields being non-cc fields (as suggested somewhere). I'm going to bed. |
Even if I drop all the way down to
the behavior is the same. Is there some master JS that is messing with all form data? |
It's this part of the
If I change or remove it (or just the |
Well, it's this one: Aha! If I just don't run the CC number through that function, autocomplete works. Let's commit that and see. |
There are still some |
It is still checking whether the card is American Express or not, because it's telling me when to use 3 or 4 digits for CVV... Also not validating numbers vs letters. |
May I ask on which instance you are testing? "review app" mentioned here? |
That's a question for @whit537, I have no idea. I'm checking this locally. |
@nobodxbodon, I honestly don't know what you're asking. 😄 |
I think the answer is that you're "checking this locally"? |
@mattbk actually I was referring to your initial comment
So I wondered if you tested the commits on some staging/dev instance instead of locally. |
I didn't know of anything like that already set up, so I played around with it until I realized that the message that autocomplete won't work actually follows the same behavior. So whether it will actually autocomplete the card doesn't matter, all that should matter is that the message comes up on the first number entered, rather than after n numbers and then a backspace. I'm not convinced yet that the card number can't be passed through at least some of the subroutines in |
From my experiments, I don't think we can play nice with autocomplete and validate the way we do now. However, https://github.com/braintree/card-validator looks like something we could use. @whit537, does that seem reasonable, or is it hard to add something like this? |
Seems reasonable to me. 👍 |
Is anyone interested in taking this on? Running out of time in my day to give this the attention it deserves. (@whit537, this doesn't include you jumping in and wasting another day. I'm trying to focus on only opening things I know I can finish.) |
@EdOverflow is there any security reason for us to not support Chrome Autofill, aside from the user storing their credit card info in Chrome itself? |
@mattbk I usually don't encourage people to use the Chrome Autofill, because of the following: https://github.com/anttiviljami/browser-autofill-phishing/blob/master/readme.md That said, I don't think it would hurt to implement it on Gratipay. I will take a look when everything is done. |
Rebased on master? |
Ish? Needs work, I think. Want me to try to clean it up? |
If you have a chance. I wasn't going to go any further today, but apparently my drive-by rebasing needs work. |
c88281f
to
d3999a0
Compare
I think you maybe did whatever @kaguillera sometimes does. :-) Look okay now? (Was c88281f.) |
@mattbk Is this ready for review? |
No, I never learned how to integrate https://github.com/braintree/card-validator. 😞 |
...and without that, the way to fix is to remove validation during card entry. IMHO this is fine... |
I looked at this again. I think it's ready for review once green. Essentially it doesn't pass the card number through our internal validation, which lets Chrome begin filling in the card number immediately. It also adds all the right tags to the fields for Chrome autocomplete to work. |
Closes #4041. I’m guessing this will take several iterations to get right—
testing locally is difficult because Chrome won’t autofill unless the connection is secure.Yes, but we get a popup telling us it's insecure, and that's almost as good.