author | Florian Dold <florian.dold@gmail.com> | 2020-08-10 20:41:34 +0530 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2020-08-10 20:41:34 +0530 |
commit | 8a3b86d72cfd274d78a0bef7776774bef74852c7 (patch) | |
tree | 1b2f62e43cc3585d1e525c752c26ac9743d76603 | |
parent | 25def8ac73c2ae3b2420d5f9bbd05f32871c96ad (diff) | |
make paywall payment flow NoJS compatible
-rw-r--r-- | design-documents/007-payment.rst | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/design-documents/007-payment.rst b/design-documents/007-payment.rst index dd01b60f..83cf01e2 100644 --- a/design-documents/007-payment.rst +++ b/design-documents/007-payment.rst @@ -19,6 +19,7 @@ Requirements * A simple API should be offered to shops * Sharing of links or re-visiting of bookmarks should result in well-defined behavior instead of random, ugly error messages. +* The payment flow must degrade gracefully when JavaScript is disabled. Proposed Solution ================= @@ -143,13 +144,18 @@ The merchant backend runs the following steps to generate the HTML page for 4. If *order-ID* identifies an *claimed* and *unpaid* order, run these steps: - 1. If the order is *claimed* and the *contract-hash* request parameter does not + 1. If the *claim-token* request parameter is given and the *contract-hash* requesst parameter is + not given, redirect to the fulfillment URL of the order. (**Note**: We do not check + the claim token, as the merchant might have already deleted it when the order is paid, + and the fulfillment URL is not considered to be secret/private.) + + 2. If the *contract-hash* request parameter does not match the contract hash of the order, return a 403 Forbidden response. **Terminate**. - 2. If there is a non-null *already-paid-order-ID* for *session-ID* stored under the current order, + 3. If there is a non-null *already-paid-order-ID* for *session-ID* stored under the current order, redirect to the *fulfillment-URL* of *already-paid-order-ID*. **Terminate**. - 3. Prompt the URI + 4. Prompt the URI :: |
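Review bot: The new requirement bullet in the first hunk (`@@ -19,6 +19,7 @@`) says the flow "must degrade gracefully" but does not say what the page has to do when JavaScript is disabled, so the requirement cannot be checked against the numbered steps. Suggest stating the expected no-JavaScript behaviour in the bullet itself, or pointing to the step in the Proposed Solution that implements it.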
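Review bot: The new step 1 in the second hunk (`@@ -143,13 +144,18 @@`) redirects but has no **Terminate** marker, unlike the steps that follow it, so it is unclear whether the contract-hash check in step 2 still runs after the redirect. With *contract-hash* absent, step 2's "does not match" condition would presumably apply and yield a 403, so please add **Terminate** to step 1. Two smaller points in the same step: "requesst" is a typo, and the note justifies skipping the claim-token check with "when the order is paid", while this step list is entered only for a *claimed* and *unpaid* order. Either reword the rationale or say why it also holds for unpaid orders, since this step redirects to the fulfillment URL without validating anything in the request.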