Dear @Aaron and All,
We are trying to implement Accept.js to create a payment terminal in the back end of Salesforce under the new Lightning user interface. The Lightning UI implements a Content Security Policy that does not allow 3rd party Javascript files to be loaded from an external site. There is some documentation on this here. The Lightning UI will only load JS files that come from a Salesforce server (this is a 'Static Resource' in Salesforce' parliance).
So, we tried copying the Accept.js into a local file that could be loaded from Salesforce' servers. In this case, we get the following errors from Accept.js:
When loading the library:
AcceptCore.js:3 Library is not coming from Accept CDN.
And when trying to call Accept.dispatchData():
0:{code: "E_WC_01", text: "Please include Accept.js library from cdn."}
So, we are stuck between a rock and a hard place. Even if Salesforce ever allows 3rd party JS libraries, it will be a while before that happens. Is there any other version of Accept.js that can work under a restrictive Content Security Policy, or when not loaded directly from Authorize.net? (Accept Hosted does not work in Salesforce' back end either).
What can we do to find a way to get Accept.js working under these circumstances?
Thanks and Best Regards,
Josh
11-27-2017 07:04 AM - edited 11-27-2017 07:05 AM
Even if you re-wrote Accept.js to use a local copy of AcceptCore.js, Authorize.net's API should reject the request when the scripts are not being loaded from thier server.
One way on Salesforce is to use Apex classes and do direct payments:
https://c.na50.visual.force.com/apex/DoPayment
11-28-2017 11:47 AM - edited 11-28-2017 11:51 AM
Thanks. We're not too interested in rewriting Accept.js. But we would like to do everything client-side, so that the credit card numbers don't touch our servers.
That link looks like it goes to an internal web page, it's not accessible.
11-28-2017 02:50 PM
That link should be https://nexweb-developer-edition.na50.force.com, it posts to the sandbox.
Another option would to create a payment processing microservice outside of SalesForce and update any necessary records at SalesForce via their API.
11-28-2017 03:43 PM - edited 11-28-2017 03:45 PM