Hello,
We need to lock the order when the customer clicks on the payment button before the stripe.confirmPayment() is called. For security reasons, I will not write more stuff about why this needs to be done and why it is a critical bug.
Legit maintainers can email me for more details if need be.
On our website, we created an ajax callback that does this:
$order->lock();
$order->setRefreshState(OrderInterface::REFRESH_SKIP); // this is to avoid OrderRefresh::refresh to be called on save
$order->save();
Active
1.2
Payment Element
Salut Nicolas,
I'll add you comment here as a reference to give it better visibility since it is on a closed issue and feels related :
https://www.drupal.org/project/commerce_stripe/issues/3491309#comment-15... 💬 When processing a succeeded payment_intent why do we assume the payment intent covered the whole order balance? Active