diff options
author | Christian Grothoff <christian@grothoff.org> | 2021-08-13 23:14:23 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-08-13 23:14:23 +0200 |
commit | 2268e4b9c7de07f753dc817616e730766eacffe9 (patch) | |
tree | f54e953d5aa8553389ad3bed823debf0926f49df | |
parent | e6d539ae9efaeac6c515b36084552e237e386068 (diff) | |
download | docs-2268e4b9c7de07f753dc817616e730766eacffe9.tar.gz docs-2268e4b9c7de07f753dc817616e730766eacffe9.tar.bz2 docs-2268e4b9c7de07f753dc817616e730766eacffe9.zip |
-comments for Florian
-rw-r--r-- | merchant-spec/public-orders-get.ts | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/merchant-spec/public-orders-get.ts b/merchant-spec/public-orders-get.ts index 130f53f5..ef9eee3f 100644 --- a/merchant-spec/public-orders-get.ts +++ b/merchant-spec/public-orders-get.ts @@ -63,6 +63,11 @@ function handlePublicOrdersGet(mos: MerchantOrderStore, req: Req): Resp { // Client is trying to get the order status of a claimed, // unpaid order. However, the client is not showing authentication. // + // CG-FIXME: Eh, nothing here suggests the order is _claimed_. + // The branch above is wrong, as an unclaimed order without + // requireClaimToken must not end up here! So I think + // we here need authMissing && !authOk in the branch above! + // // This can happen when the fulfillment URL includes the order ID, // and the storefront redirects the user to the backend QR code // page, because the order is not paid under the current session. |