Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only load Stripe JS on product page when required #2110

Merged
merged 14 commits into from
Nov 9, 2021
Merged

Only load Stripe JS on product page when required #2110

merged 14 commits into from
Nov 9, 2021

Conversation

reykjalin
Copy link
Contributor

@reykjalin reykjalin commented Nov 2, 2021
edited
Loading

Changes proposed in this Pull Request:

Fixes #2065

  • Don't load Stripe JS on product pages when PRBs are disabled.
  • Don't load Stripe JS on the cart page when PRBs are disabled.

Testing instructions

Note: The test should be performed with UPE enabled and disabled, and on both the Shortcode and Block-based cart pages.

  1. Make sure PRBs are only present on the Checkout page.
  2. git switch develop.
  3. Open the Network tab of your browser's developer tools.
  4. Open any product details page.
  5. Notice that we load scripts from js.stripe.com.
  6. Add a product to your cart and go to your store's cart page.
  7. Notice that we load scripts from js.stripe.com.
  8. git switch fix/2065-only-load-stripe-js-on-product-pages-when-required
  9. Open any product details page.
  10. Make sure we still load scripts from js.stripe.com.
  11. Add a product to your cart and go to your store's cart page.
  12. Make sure we still load scripts from js.stripe.com.
  13. Use the Code Snippets plugin to add the following filters:
add_filter( 'wc_stripe_load_scripts_on_product_page_when_prbs_disabled', '__return_false' );
add_filter( 'wc_stripe_load_scripts_on_cart_page_when_prbs_disabled', '__return_false' );
  1. Open any product details page.
  2. Make sure no scripts are loaded from js.stripe.com
  3. Add a product to your cart and go to your store's cart page.
  4. Make sure no scripts are loaded from js.stripe.com
  • Covered with tests (or have a good reason not to test in description ☝️)
  • Added changelog entry (or does not apply)
  • Tested on mobile (or does not apply)

Post merge

Only load Stripe JS on product page when required
4d737c3 
Previously we always loaded the Stripe JS on relevant pages through the
main gateway class, but now we have an additional check there to make
sure that doesn't happen.
Only load Stripe JS on the cart page when required
fd11638 
Previously we always loaded the Stripe JS on relevant pages through the
main gateway class, but now we have an additional check there to make
sure this doesn't happen.
diegocurbelo
diegocurbelo reviewed Nov 3, 2021
View reviewed changes
diegocurbelo
diegocurbelo requested changes Nov 3, 2021
View reviewed changes
Copy link
Member

@diegocurbelo diegocurbelo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good, and it works as expected in both the product and shortcode cart pages... but it still loads Stripe in the blocks cart.

Also, should we create an issue to do this for UPE?

@DeanMarkTaylor DeanMarkTaylor mentioned this pull request Nov 4, 2021
Closed
@reykjalin
Copy link
Contributor Author

it still loads Stripe in the blocks cart.

Yeah, I hadn't thought about it there 🤔 It's less of a problem in the Blocks integration though since the Stripe JS SDK is loaded asynchronously. We should still make removing unnecessary JS an option.

Also, should we create an issue to do this for UPE?

I think we can just address this here 🤔

@DeanMarkTaylor brought up a point in #2065 (comment) that we've been discussing in p1635879932054100-slack-C01BZUL57SQ regarding how Stripe recommends we load the Stripe JS on all pages for fraud prevention purposes.

Currently we only load the Stripe JS on Product, Cart, and Checkout pages, and I don't think we should change that. However, based on Stripe's own documentation we probably shouldn't be disabling the scripts by default.

I think the best path forward would be to introduce a filter that will allow merchants to disable the Stripe JS on product and cart pages when the PRBs are not loaded. We'll still load the Stripe JS by default to follow Stripe's recommendation on loading the script on multiple pages for fraud prevention purposes, but merchants that are willing to accept the risk of potentially increased rates of fraud can disable the script entirely.

Add filters to disable scripts on product and cart
86377fb 
These filters will only be applied when the PRBs are disabled on the
product and cart pages. This will give merchants the option to not load
the extra JS when they're not using the PRBs on those pages.

Stripe's JS includes some fraud prevention mechanisms, so disabling the
scripts using these filters does increase the risk of successul fraud on
a merchant's store, but that's something merchants will have to decide
on their own.
Disable JS for UPE and Blocks when appropriate
38b03e1 
Only applies on Product and Cart pages when PRBs are disabled.
@DeanMarkTaylor DeanMarkTaylor mentioned this pull request Nov 5, 2021
Draft
4 tasks
diegocurbelo
diegocurbelo requested changes Nov 5, 2021
View reviewed changes
Copy link
Member

@diegocurbelo diegocurbelo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After adding the 2 filters... the product and shortcode cart don't load the Stripe JS, but both pages have a warning at the top (scrolling up after page load), the blocks cart does not have the warning but the Stripe JS is still loaded:

Screen Shot 2021-11-04 at 23 59 04

@reykjalin
Copy link
Contributor Author

both pages have a warning at the top (scrolling up after page load)

@diegocurbelo I'm unable to reproduce the issue 🤔

What versions of WP/WC/Blocks are you using?

the blocks cart does not have the warning but the Stripe JS is still loaded

Ah yeah, I can reproduce this. I'll look into that! Nice catch!

@reykjalin
Copy link
Contributor Author

@diegocurbelo It seems maybe we can't detect this for the blocks integration?

When I'm on the page with the cart block (designated as the Cart page) both is_cart() and has_block( 'woocommerce/cart' ) return false 🤨 .

image

This is definitely less of a problem with the Blocks integration because the Stripe JS is loaded asynchronously via the Stripe SDK npm package using loadStripe(), but it seems like we can't offer this filter in the Blocks integration.

If we only rely on the settings (the result from WC_Stripe_Helper::should_load_scripts_on_cart_page()) we'd end up removing the script from the Checkout page too, and that's not an option.

All in all it looks like we may have to just not apply the filter for the blocks integration? What do you think?

@diegocurbelo
Copy link
Member

All in all it looks like we may have to just not apply the filter for the blocks integration? What do you think?

I agree... The JS loads asynchronously in that case

Kristófer R added 4 commits November 8, 2021 16:29
return empty list of script handles for blocks support
4e0c5b7
Merge branch 'develop' into fix/2065-only-load-stripe-js-on-product-p…
0bc288c 
…ages-when-required
Remove filter for unloading Stripe JS with blocks
45cc93e 
The function used to retrieve the script handles is run at a point where
the block hasn't been loaded, so we can't detect whether we're on a cart
or product page. As such we can't make an informed decisions on whether
or not to load the script.

The script is loaded asynchronously in the blocks checkout though, so
this shouldn't be degradation in performance as it relates to the issue
reported in #2065.
Remove redundant product page check for UPE filter
9bc82b5 
The UPE payment_scripts() function is not called on product pages, and
as such it is not necessary to check for that condition when unloading
the Stripe JS.
diegocurbelo
diegocurbelo approved these changes Nov 8, 2021
View reviewed changes
Copy link
Member

@diegocurbelo diegocurbelo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good... and tests well 🚢 🚢

@reykjalin reykjalin merged commit a2db575 into develop Nov 9, 2021
@reykjalin reykjalin deleted the fix/2065-only-load-stripe-js-on-product-pages-when-required branch November 9, 2021 00:43
@reykjalin reykjalin mentioned this pull request Nov 23, 2021
Merged
4 tasks
sebastianmoran-mainwp added a commit to mainwp/Code-Snippets-Functions that referenced this pull request Nov 24, 2021
@sebastianmoran-mainwp
Create disable-stripe-scripts-loading-if-prbs-is-disabled.txt
63b85f4 
woocommerce/woocommerce-gateway-stripe#2110
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@diegocurbelo diegocurbelo diegocurbelo approved these changes

Assignees
No one assigned
Labels
pr: ready to merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unnecessary resources and HTTP requests on product and/or cart pages
2 participants
@reykjalin @diegocurbelo