From 4d737c345ba6a8dc550628b11edc3e05f4843b59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krist=C3=B3fer=20R?= Date: Tue, 2 Nov 2021 16:39:27 -0400 Subject: [PATCH 01/10] Only load Stripe JS on product page when required Previously we always loaded the Stripe JS on relevant pages through the main gateway class, but now we have an additional check there to make sure that doesn't happen. --- includes/class-wc-gateway-stripe.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/includes/class-wc-gateway-stripe.php b/includes/class-wc-gateway-stripe.php index cf3059245d..5b3c3a0af9 100644 --- a/includes/class-wc-gateway-stripe.php +++ b/includes/class-wc-gateway-stripe.php @@ -404,6 +404,17 @@ public function payment_scripts() { return; } + if ( + is_product() + && ! in_array( + 'product', + $this->get_option( 'payment_request_button_locations', [ 'product', 'cart' ] ), + true + ) + ) { + return; + } + // If Stripe is not enabled bail. if ( 'no' === $this->enabled ) { return; From fd116387eed8909f1829eccdfd81bb1342f25764 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krist=C3=B3fer=20R?= Date: Tue, 2 Nov 2021 16:48:29 -0400 Subject: [PATCH 02/10] Only load Stripe JS on the cart page when required Previously we always loaded the Stripe JS on relevant pages through the main gateway class, but now we have an additional check there to make sure this doesn't happen. --- includes/class-wc-gateway-stripe.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/includes/class-wc-gateway-stripe.php b/includes/class-wc-gateway-stripe.php index 5b3c3a0af9..8e385b50e0 100644 --- a/includes/class-wc-gateway-stripe.php +++ b/includes/class-wc-gateway-stripe.php @@ -415,6 +415,17 @@ public function payment_scripts() { return; } + if ( + is_cart() + && ! in_array( + 'cart', + $this->get_option( 'payment_request_button_locations', [ 'product', 'cart' ] ), + true + ) + ) { + return; + } + // If Stripe is not enabled bail. if ( 'no' === $this->enabled ) { return; From 4fa9d669bf9b7e9e5c604d853b1a0ddc71e8d17a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krist=C3=B3fer=20R?= Date: Tue, 2 Nov 2021 16:59:29 -0400 Subject: [PATCH 03/10] add changelog entry --- .vscode/launch.json | 6 ++++++ changelog.txt | 1 + readme.txt | 1 + 3 files changed, 8 insertions(+) diff --git a/.vscode/launch.json b/.vscode/launch.json index b555cca4d4..3a88e7ef2b 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -13,6 +13,12 @@ "/var/www/html/": "${workspaceFolder}/docker/wordpress", "/var/www/html/wp-content/plugins/woocommerce-gateway-stripe/": "${workspaceFolder}" } + }, + { + "name": "Xdebug local", + "type": "php", + "request": "launch", + "port": 9000, } ] } \ No newline at end of file diff --git a/changelog.txt b/changelog.txt index 9e25891713..255cc06766 100644 --- a/changelog.txt +++ b/changelog.txt @@ -5,6 +5,7 @@ * Fix - Error when changing payment method for a subscription with new checkout experience. * Fix - Payment Requests are now updated correctly when updating items in the Cart Block. * Add - Support for WooCommerce Pre-Orders with new checkout experience. +* Fix - Stripe JS is no longer loaded on cart and product pages when PRBs are disabled on those pages. = 5.7.0 - 2021-10-20 = * Fix - Enable use of saved payment methods converted to SEPA payments. diff --git a/readme.txt b/readme.txt index aebbe0db2a..f2f23c740a 100644 --- a/readme.txt +++ b/readme.txt @@ -131,5 +131,6 @@ If you get stuck, you can ask for help in the Plugin Forum. * Fix - Error when changing payment method for a subscription with new checkout experience. * Fix - Payment Requests are now updated correctly when updating items in the Cart Block. * Add - Support for WooCommerce Pre-Orders with new checkout experience. +* Fix - Stripe JS is no longer loaded on cart and product pages when PRBs are disabled on those pages. [See changelog for all versions](https://raw.githubusercontent.com/woocommerce/woocommerce-gateway-stripe/trunk/changelog.txt). From 94b2851de80540adc1f34f4ac966747cd7a914eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krist=C3=B3fer=20R?= Date: Thu, 4 Nov 2021 03:34:05 -0400 Subject: [PATCH 04/10] revert launch json config change --- .vscode/launch.json | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.vscode/launch.json b/.vscode/launch.json index 3a88e7ef2b..b555cca4d4 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -13,12 +13,6 @@ "/var/www/html/": "${workspaceFolder}/docker/wordpress", "/var/www/html/wp-content/plugins/woocommerce-gateway-stripe/": "${workspaceFolder}" } - }, - { - "name": "Xdebug local", - "type": "php", - "request": "launch", - "port": 9000, } ] } \ No newline at end of file From 86377fbfac9db6bf4ff56522a1524753b126a9bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krist=C3=B3fer=20R?= Date: Thu, 4 Nov 2021 04:02:08 -0400 Subject: [PATCH 05/10] Add filters to disable scripts on product and cart These filters will only be applied when the PRBs are disabled on the product and cart pages. This will give merchants the option to not load the extra JS when they're not using the PRBs on those pages. Stripe's JS includes some fraud prevention mechanisms, so disabling the scripts using these filters does increase the risk of successul fraud on a merchant's store, but that's something merchants will have to decide on their own. --- includes/class-wc-gateway-stripe.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/includes/class-wc-gateway-stripe.php b/includes/class-wc-gateway-stripe.php index 8e385b50e0..ecaa006576 100644 --- a/includes/class-wc-gateway-stripe.php +++ b/includes/class-wc-gateway-stripe.php @@ -412,7 +412,9 @@ public function payment_scripts() { true ) ) { - return; + if ( apply_filters( 'wc_stripe_remove_scripts_on_product_page_when_prbs_disabled', false ) ) { + return; + } } if ( @@ -423,7 +425,9 @@ public function payment_scripts() { true ) ) { - return; + if ( apply_filters( 'wc_stripe_remove_scripts_on_cart_page_when_prbs_disabled', false ) ) { + return; + } } // If Stripe is not enabled bail. From a152af75ed9d260b36f6ee6637c6457038eb498d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krist=C3=B3fer=20R?= Date: Thu, 4 Nov 2021 04:19:21 -0400 Subject: [PATCH 06/10] Add helper functions to determine when to load js --- includes/class-wc-gateway-stripe.php | 26 ++++---------------------- includes/class-wc-stripe-helper.php | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/includes/class-wc-gateway-stripe.php b/includes/class-wc-gateway-stripe.php index ecaa006576..44b742477e 100644 --- a/includes/class-wc-gateway-stripe.php +++ b/includes/class-wc-gateway-stripe.php @@ -404,30 +404,12 @@ public function payment_scripts() { return; } - if ( - is_product() - && ! in_array( - 'product', - $this->get_option( 'payment_request_button_locations', [ 'product', 'cart' ] ), - true - ) - ) { - if ( apply_filters( 'wc_stripe_remove_scripts_on_product_page_when_prbs_disabled', false ) ) { - return; - } + if ( is_product() && ! WC_Stripe_Helper::should_load_scripts_on_product_page() ) { + return; } - if ( - is_cart() - && ! in_array( - 'cart', - $this->get_option( 'payment_request_button_locations', [ 'product', 'cart' ] ), - true - ) - ) { - if ( apply_filters( 'wc_stripe_remove_scripts_on_cart_page_when_prbs_disabled', false ) ) { - return; - } + if ( is_cart() && ! WC_Stripe_Helper::should_load_scripts_on_cart_page() ) { + return; } // If Stripe is not enabled bail. diff --git a/includes/class-wc-stripe-helper.php b/includes/class-wc-stripe-helper.php index 100aa39e76..1b1415c3d9 100644 --- a/includes/class-wc-stripe-helper.php +++ b/includes/class-wc-stripe-helper.php @@ -583,4 +583,22 @@ public static function should_enqueue_in_current_tab_section( $tab, $section ) { return true; } + + public static function should_load_scripts_on_product_page() { + $prb_locations = self::get_settings( null, 'payment_request_button_locations' ) ?? [ 'product', 'cart' ]; + if ( ! in_array( 'product', $prb_locations, true ) ) { + return apply_filters( 'wc_stripe_load_scripts_on_product_page_when_prbs_disabled', true ); + } + + return true; + } + + public static function should_load_scripts_on_cart_page() { + $prb_locations = self::get_settings( null, 'payment_request_button_locations' ) ?? [ 'product', 'cart' ]; + if ( ! in_array( 'cart', $prb_locations, true ) ) { + return apply_filters( 'wc_stripe_load_scripts_on_cart_page_when_prbs_disabled', true ); + } + + return true; + } } From 38b03e1dd9c7b3254d1088a7e3ce4a5d51e9a80e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krist=C3=B3fer=20R?= Date: Thu, 4 Nov 2021 04:23:44 -0400 Subject: [PATCH 07/10] Disable JS for UPE and Blocks when appropriate Only applies on Product and Cart pages when PRBs are disabled. --- includes/class-wc-stripe-blocks-support.php | 8 ++++++++ .../class-wc-stripe-upe-payment-gateway.php | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/includes/class-wc-stripe-blocks-support.php b/includes/class-wc-stripe-blocks-support.php index 3444dbe4ab..d5a9bec10b 100644 --- a/includes/class-wc-stripe-blocks-support.php +++ b/includes/class-wc-stripe-blocks-support.php @@ -60,6 +60,14 @@ public function is_active() { * @return array */ public function get_payment_method_script_handles() { + if ( is_product() && ! WC_Stripe_Helper::should_load_scripts_on_product_page() ) { + return; + } + + if ( is_cart() && ! WC_Stripe_Helper::should_load_scripts_on_cart_page() ) { + return; + } + // Ensure Stripe JS is enqueued wp_register_script( 'stripe', diff --git a/includes/payment-methods/class-wc-stripe-upe-payment-gateway.php b/includes/payment-methods/class-wc-stripe-upe-payment-gateway.php index 0be525f7dc..99adfb1880 100644 --- a/includes/payment-methods/class-wc-stripe-upe-payment-gateway.php +++ b/includes/payment-methods/class-wc-stripe-upe-payment-gateway.php @@ -193,6 +193,14 @@ public function payment_scripts() { return; } + if ( is_product() && ! WC_Stripe_Helper::should_load_scripts_on_product_page() ) { + return; + } + + if ( is_cart() && ! WC_Stripe_Helper::should_load_scripts_on_cart_page() ) { + return; + } + $asset_path = WC_STRIPE_PLUGIN_PATH . '/build/checkout_upe.asset.php'; $version = WC_STRIPE_VERSION; $dependencies = []; From 4e0c5b76a70676c912b2e66eb223248b237948ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krist=C3=B3fer=20R?= Date: Mon, 8 Nov 2021 16:29:53 -0500 Subject: [PATCH 08/10] return empty list of script handles for blocks support --- includes/class-wc-stripe-blocks-support.php | 4 +- package-lock.json | 162 ++++++++++++++------ 2 files changed, 113 insertions(+), 53 deletions(-) diff --git a/includes/class-wc-stripe-blocks-support.php b/includes/class-wc-stripe-blocks-support.php index d5a9bec10b..73cdf0aeca 100644 --- a/includes/class-wc-stripe-blocks-support.php +++ b/includes/class-wc-stripe-blocks-support.php @@ -61,11 +61,11 @@ public function is_active() { */ public function get_payment_method_script_handles() { if ( is_product() && ! WC_Stripe_Helper::should_load_scripts_on_product_page() ) { - return; + return []; } if ( is_cart() && ! WC_Stripe_Helper::should_load_scripts_on_cart_page() ) { - return; + return []; } // Ensure Stripe JS is enqueued diff --git a/package-lock.json b/package-lock.json index 9571f215c5..8fd1acef3b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6975,53 +6975,6 @@ "pinkie-promise": "^2.0.0" } }, - "pkg-dir": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", - "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==", - "dev": true, - "requires": { - "find-up": "^4.0.0" - }, - "dependencies": { - "find-up": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", - "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", - "dev": true, - "requires": { - "locate-path": "^5.0.0", - "path-exists": "^4.0.0" - } - }, - "path-exists": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", - "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", - "dev": true - } - } - }, - "puppeteer": { - "version": "npm:puppeteer-core@5.5.0", - "resolved": "https://registry.npmjs.org/puppeteer-core/-/puppeteer-core-5.5.0.tgz", - "integrity": "sha512-tlA+1n+ziW/Db03hVV+bAecDKse8ihFRXYiEypBe9IlLRvOCzYFG6qrCMBYK34HO/Q/Ecjc+tvkHRAfLVH+NgQ==", - "dev": true, - "requires": { - "debug": "^4.1.0", - "devtools-protocol": "0.0.818844", - "extract-zip": "^2.0.0", - "https-proxy-agent": "^4.0.0", - "node-fetch": "^2.6.1", - "pkg-dir": "^4.2.0", - "progress": "^2.0.1", - "proxy-from-env": "^1.0.0", - "rimraf": "^3.0.2", - "tar-fs": "^2.0.0", - "unbzip2-stream": "^1.3.3", - "ws": "^7.2.3" - } - }, "react": { "version": "16.14.0", "resolved": "https://registry.npmjs.org/react/-/react-16.14.0.tgz", @@ -19146,10 +19099,37 @@ } }, "node-fetch": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.2.tgz", - "integrity": "sha512-aLoxToI6RfZ+0NOjmWAgn9+LEd30YCkJKFSyWacNZdEKTit/ZMcKjGkTRo8uWEsnIb/hfKecNPEbln02PdWbcA==", - "dev": true + "version": "2.6.6", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.6.tgz", + "integrity": "sha512-Z8/6vRlTUChSdIgMa51jxQ4lrw/Jy5SOW10ObaA47/RElsAN2c5Pn8bTgFGWn/ibwzXTE8qwr1Yzx28vsecXEA==", + "dev": true, + "requires": { + "whatwg-url": "^5.0.0" + }, + "dependencies": { + "tr46": { + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", + "integrity": "sha1-gYT9NH2snNwYWZLzpmIuFLnZq2o=", + "dev": true + }, + "webidl-conversions": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", + "integrity": "sha1-JFNCdeKnvGvnvIZhHMFq4KVlSHE=", + "dev": true + }, + "whatwg-url": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", + "integrity": "sha1-lmRU6HZUYuN2RNNib2dCzotwll0=", + "dev": true, + "requires": { + "tr46": "~0.0.3", + "webidl-conversions": "^3.0.0" + } + } + } }, "node-gyp": { "version": "3.8.0", @@ -20958,6 +20938,86 @@ "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", "dev": true }, + "puppeteer": { + "version": "npm:puppeteer-core@5.5.0", + "resolved": "https://registry.npmjs.org/puppeteer-core/-/puppeteer-core-5.5.0.tgz", + "integrity": "sha512-tlA+1n+ziW/Db03hVV+bAecDKse8ihFRXYiEypBe9IlLRvOCzYFG6qrCMBYK34HO/Q/Ecjc+tvkHRAfLVH+NgQ==", + "dev": true, + "requires": { + "debug": "^4.1.0", + "devtools-protocol": "0.0.818844", + "extract-zip": "^2.0.0", + "https-proxy-agent": "^4.0.0", + "node-fetch": "^2.6.1", + "pkg-dir": "^4.2.0", + "progress": "^2.0.1", + "proxy-from-env": "^1.0.0", + "rimraf": "^3.0.2", + "tar-fs": "^2.0.0", + "unbzip2-stream": "^1.3.3", + "ws": "^7.2.3" + }, + "dependencies": { + "find-up": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", + "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", + "dev": true, + "requires": { + "locate-path": "^5.0.0", + "path-exists": "^4.0.0" + } + }, + "locate-path": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", + "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", + "dev": true, + "requires": { + "p-locate": "^4.1.0" + } + }, + "p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "dev": true, + "requires": { + "p-try": "^2.0.0" + } + }, + "p-locate": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", + "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", + "dev": true, + "requires": { + "p-limit": "^2.2.0" + } + }, + "p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "dev": true + }, + "path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "dev": true + }, + "pkg-dir": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", + "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==", + "dev": true, + "requires": { + "find-up": "^4.0.0" + } + } + } + }, "q": { "version": "1.5.1", "resolved": "https://registry.npmjs.org/q/-/q-1.5.1.tgz", From 45cc93ebc3b8ab58148402dff310a1dbf8f480e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krist=C3=B3fer=20R?= Date: Mon, 8 Nov 2021 16:58:06 -0500 Subject: [PATCH 09/10] Remove filter for unloading Stripe JS with blocks The function used to retrieve the script handles is run at a point where the block hasn't been loaded, so we can't detect whether we're on a cart or product page. As such we can't make an informed decisions on whether or not to load the script. The script is loaded asynchronously in the blocks checkout though, so this shouldn't be degradation in performance as it relates to the issue reported in #2065. --- includes/class-wc-stripe-blocks-support.php | 8 -------- 1 file changed, 8 deletions(-) diff --git a/includes/class-wc-stripe-blocks-support.php b/includes/class-wc-stripe-blocks-support.php index 73cdf0aeca..3444dbe4ab 100644 --- a/includes/class-wc-stripe-blocks-support.php +++ b/includes/class-wc-stripe-blocks-support.php @@ -60,14 +60,6 @@ public function is_active() { * @return array */ public function get_payment_method_script_handles() { - if ( is_product() && ! WC_Stripe_Helper::should_load_scripts_on_product_page() ) { - return []; - } - - if ( is_cart() && ! WC_Stripe_Helper::should_load_scripts_on_cart_page() ) { - return []; - } - // Ensure Stripe JS is enqueued wp_register_script( 'stripe', From 9bc82b5e8368ed31006eb4ded95555e36df24615 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krist=C3=B3fer=20R?= Date: Mon, 8 Nov 2021 17:04:00 -0500 Subject: [PATCH 10/10] Remove redundant product page check for UPE filter The UPE payment_scripts() function is not called on product pages, and as such it is not necessary to check for that condition when unloading the Stripe JS. --- .../payment-methods/class-wc-stripe-upe-payment-gateway.php | 4 ---- 1 file changed, 4 deletions(-) diff --git a/includes/payment-methods/class-wc-stripe-upe-payment-gateway.php b/includes/payment-methods/class-wc-stripe-upe-payment-gateway.php index 99adfb1880..3d3cc2f92f 100644 --- a/includes/payment-methods/class-wc-stripe-upe-payment-gateway.php +++ b/includes/payment-methods/class-wc-stripe-upe-payment-gateway.php @@ -193,10 +193,6 @@ public function payment_scripts() { return; } - if ( is_product() && ! WC_Stripe_Helper::should_load_scripts_on_product_page() ) { - return; - } - if ( is_cart() && ! WC_Stripe_Helper::should_load_scripts_on_cart_page() ) { return; }