Prevent Redirect URL leaking between payment gateways (https://github.com/woocommerce/woocommerce-blocks/pull/5560)

* Reset redirectUrl to blank if not included in response. * Force redirect URL for successful responses * Revert "Force redirect URL for successful responses" This reverts commit 61aae8b459843237b5428be8fa0cdb9500cd0485.
2022-01-20 11:25:40 +00:00 · 2022-01-20 11:25:40 +00:00 · bcba16e4a5
parent dd36c00180
commit bcba16e4a5
2 changed files with 6 additions and 12 deletions
--- a/plugins/woocommerce-blocks/assets/js/base/context/providers/cart-checkout/checkout-state/index.tsx
+++ b/plugins/woocommerce-blocks/assets/js/base/context/providers/cart-checkout/checkout-state/index.tsx
@ -148,12 +148,9 @@ export const CheckoutStateProvider = ( {
 				const paymentResult = getPaymentResultFromCheckoutResponse(
 					response
 				);
-
-				if ( paymentResult.redirectUrl ) {
-					dispatch(
-						actions.setRedirectUrl( paymentResult.redirectUrl )
-					);
-				}
+				dispatch(
+					actions.setRedirectUrl( paymentResult?.redirectUrl || '' )
+				);
 				dispatch( actions.setProcessingResponse( paymentResult ) );
 				dispatch( actions.setAfterProcessing() );
 			},
@ -302,6 +299,7 @@ export const CheckoutStateProvider = ( {
 							// the last observer response always "wins" for success.
 							successResponse = response;
 						}
+
 						if (
 							isErrorResponse( response ) ||
 							isFailResponse( response )
@ -331,8 +329,7 @@ export const CheckoutStateProvider = ( {
 							dispatch( actions.setHasError( true ) );
 						}
 					} else {
-						// nothing hooked in had any response type so let's just
-						// consider successful
+						// nothing hooked in had any response type so let's just consider successful.
 						dispatch( actions.setComplete() );
 					}
 				} );
--- a/plugins/woocommerce-blocks/assets/js/base/context/providers/cart-checkout/checkout-state/reducer.ts
+++ b/plugins/woocommerce-blocks/assets/js/base/context/providers/cart-checkout/checkout-state/reducer.ts
@ -57,11 +57,8 @@ export const reducer = (
 					? {
 							...state,
 							status: STATUS.COMPLETE,
-							// @todo Investigate why redirectURL could be non-truthy and whether this would cause a bug if multiple gateways were used for payment e.g. 1st set the redirect URL but failed, and then the 2nd did not provide a redirect URL and succeeded.
 							redirectUrl:
-								data !== undefined &&
-								typeof data.redirectUrl === 'string' &&
-								data.redirectUrl
+								typeof data?.redirectUrl === 'string'
 									? data.redirectUrl
 									: state.redirectUrl,
 					  }