所以我正在使用Symfony + Sylius编写项目。我有一个表单,它通过ajax提交到/{paymentId}/pay路由,然后调用payum控制器来处理付款并向/payment/capture/{token}发送重定向,然后再重定向以显示卡详细信息表单,此卡详细信息表单已加载到iFrame中。但是,/payment/capture的路由是通过http提供的,因此由于此错误而永远不会出现在iFrame中:
Mixed Content: The page at 'https://www.example.com/checkout/complete' was loaded over HTTPS, but requested an insecure form action 'http://www.example.com/payment/capture/SOMETOKENVALUE'. This request has been blocked; the content must be served over HTTPS.
如何强制支付/捕获路由到服务器https?我尝试了一些诸如添加
之类的内容 <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
到我的模板并在我的order.yml中设置方案要求:
sylius_shop_order_pay:
path: /{paymentId}/pay
methods: [GET]
defaults:
_controller: sylius.controller.payum:prepareCaptureAction
requirements:
_scheme: https
_sylius:
redirect:
route: sylius_shop_order_after_pay
sylius_shop_order_after_pay:
path: /after-pay
methods: [GET]
defaults:
_controller: sylius.controller.payum:afterCaptureAction
requirements:
_scheme: https
然而,由于实际/支付/捕获路由是在运行时生成的,因此我不确定是否可以将其强制转换为https。
我也尝试过访问控制:
access_control:
- { path: ^/payment, role: ROLE_NO_ACCESS, requires_channel: https}
非常感谢任何帮助。感谢
修改
complete.html.twig:
{{ form_start(form, {'action': path('sylius_shop_checkout_complete'), 'attr': {'class': 'ui loadable form final-step', 'novalidate': 'novalidate', 'target' : 'card-details'}}) }}
{{ form_errors(form) }}
<input type="hidden" name="_method" value="PUT" />
{% include 'SyliusShopBundle:Common/Order:_summary.html.twig' with {'edit': true} %}
{{ form_row(form._token) }}
{{ form_end(form, {'render_rest': false}) }}
<iframe width="100%" height="670px" name="card-details" style="border: none;"></iframe>
checkout.js:
let form = jQuery("form[name='sylius_checkout_complete']");
if (form.length) {
form.submit()
}