Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

All inputs created with type="tel" #9

Open
aloneartist opened this issue Sep 5, 2019 · 5 comments
Open

All inputs created with type="tel" #9

aloneartist opened this issue Sep 5, 2019 · 5 comments

Comments

@aloneartist
Copy link

All iframe input fields are created with type="tel", see:

input.setAttribute("type", type === "button" ? "button" : "tel");

This causes issue for alphanumeric fields(like card holder name) on modern mobile devices.
User is not able to fill such fields properly, as on mobile devices such field will switch keyboard layout to "phone", allowing only numeric values to be typed in.

@slogsdon
Copy link
Contributor

@aloneartist We are working on an update to address this. A short-term solution is below:

  • Hide the card-holder-name iframe container
  • Add a new regular input for the card holder name
    • example: <input id="cardholder-name-source">
  • Adjust your JavaScript. Important changes are below:
// new variable
var cardHolderNameIframe;

cardForm.ready(function(fields) {
  // this is a new line to get a reference to the card-holder-name iframe once the form is ready
  cardHolderNameIframe = fields['card-holder-name'];
});

// this is new code to capture changes to your new card holder name input
document.getElementById("cardholder-name-source").addEventListener("input", (e) => {
  if (!cardHolderNameIframe) {
    return;
  }

  // pipe the new value to the card-holder-name iframe
  cardHolderNameIframe.setValue(e.currentTarget.value);
});

These changes should get you going and not introduce any additional PCI-DSS scope to your integration.

Please let us know if there are any questions/concerns.

@JamesB7
Copy link

JamesB7 commented Sep 16, 2019

How far can this go without introducing PCI-DSS issues? Is it just a question of ensuring that my server never receives the credit card information? I would very much like to make Chrome able to autofill the credit card data, but this styling can't be done with the iframe elements on their own.

@slogsdon
Copy link
Contributor

@aloneartist Small update. We have the necessary changes in place to correct the input type for the card holder name. We're currently under an organization-wide code freeze, but once that's lifted, we are looking to get this change pushed out to production. We'll circle back around once it's available.

@JamesB7 While technically possible to expand the above solution for the card holder name to the card data fields (card number, expiration date, security code, and submit button), this will alter your PCI-DSS scope and compliance requirements since the card holder is no longer entering their card data into a Heartland / Global Payments controlled environment. As noted in #5, our next production deployment will allow for both PaymentRequest and credit card auto-fill from the browsers that support those.

@JamesB7
Copy link

JamesB7 commented Sep 17, 2019

Excellent. Around when is this expected to happen? Thanks!

@slogsdon
Copy link
Contributor

slogsdon commented Oct 8, 2019

Apologies for the delay. We had some unforeseen restrictions put in place internally that added time to our deployment. This has been pushed out to our production environment. The latest version is now 1.3.0 available at:

https://api2.heartlandportico.com/SecureSubmit.v1/token/gp-1.3.0/globalpayments.js

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants