[webkit-changes] [WebKit/WebKit] d2ec1f: [ApplePay] PaymentRequestValidator::validateTotal(...

Tue Jul 2 11:17:54 PDT 2024

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: d2ec1f7779ef1a96793eaa8b83a60e4b8782d8b3
      https://github.com/WebKit/WebKit/commit/d2ec1f7779ef1a96793eaa8b83a60e4b8782d8b3
  Author: Abrar Rahman Protyasha <a_protyasha at apple.com>
  Date:   2024-07-02 (Tue, 02 Jul 2024)

  Changed paths:
    M LayoutTests/http/tests/ssl/applepay/ApplePaySession-expected.txt
    M LayoutTests/http/tests/ssl/applepay/ApplePaySession.html
    M LayoutTests/http/tests/ssl/applepay/PaymentRequest.https-expected.txt
    M LayoutTests/http/tests/ssl/applepay/PaymentRequest.https.html
    M Source/WebCore/Modules/applepay/PaymentRequestValidator.mm

  Log Message:
  -----------
  [ApplePay] PaymentRequestValidator::validateTotal() imposes an arbitrary 8 digit limit on the total amount
https://bugs.webkit.org/show_bug.cgi?id=276087
rdar://112078798

Reviewed by Megan Gardner.

WebCore performs some sanity checks on Apple Pay line items, and one of
these checks is to make sure the total amount of a payment request is
smaller than (some) large value. This value was made to match PassKit's
maximum amount in 177329 at main.

Unfortunately, now, this is _just_ an arbitrarily large value, and does
not match PassKit's maximum amount any longer. Moreover, we have found
this simple max amount check to be misleading since said amount is not
static; it is modulated by various factors, such the varying minor
decimal places per currency. To this end, we simply delegate checking
against a maximum total amount to the underlying payment system instead
of trying to resolve all the nuances ourselves, some of which require
system support that is unavailable.

This change means that we unfortunately lose a descriptive error mode
since we no longer surface a "Total amount is too large" type error in
the web console and instead just opaquely fail at the payment sheet. We
want to restore this behavior as part of webkit.org/b/276088 by adopting
per-currency checks for the total amount.

* LayoutTests/http/tests/ssl/applepay/ApplePaySession-expected.txt:
* LayoutTests/http/tests/ssl/applepay/ApplePaySession.html:
* LayoutTests/http/tests/ssl/applepay/PaymentRequest.https-expected.txt:
* LayoutTests/http/tests/ssl/applepay/PaymentRequest.https.html:
* Source/WebCore/Modules/applepay/PaymentRequestValidator.mm:
(WebCore::PaymentRequestValidator::validateTotal):

Canonical link: https://commits.webkit.org/280584@main

To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications