\n<\/p>\n
In case you are creating or sustaining a checkout web page you would possibly come throughout PCI DSS v4<\/a> which incorporates the next requirement underneath 6.4.3:<\/p>\n All fee web page scripts which are loaded and executed within the client\u2019s browser are managed as follows: One option to adjust to this requirement is to make use of a way like Subresource Integrity (SRI)<\/a>. Nevertheless, the Google Pay JavaScript (pay.js) construct and launch course of doesn’t permit for a long-lived, steady hash required by methods like SRI.<\/p>\n Utilizing a sandboxed iframe<\/a> satisfies any issues with compliance since scripts throughout the iFrame is not going to have entry to the mum or dad DOM. See the next illustration for an instance:<\/p>\n<\/div>\n On this case the area \u201ccdn.somewhereelse.com\u201d would load Google Pay\u2019s pay.js JavaScript file. After a profitable transaction, the inside iframe can talk with the mum or dad web page via mechanisms like window.postMessage()<\/a> if wanted.<\/p>\n To ensure that Google Pay to work in all browsers we’d like the next 4 sandbox attribute values<\/a> along with To permit the iframe to execute scripts (pay.js for instance)<\/p>\n Permits the embedded web page to create ‘baby searching contexts’. In follow, this flag allows the embedded iframe to open new tabs and home windows when the consumer clicks a hyperlink.<\/p>\n If not set, fails on varied events for browsers. If set, the iframe has entry to the mother and father storage and cookies.<\/p>\n Permits kinds such because the Google Pay login to submit the information.<\/p>\n See this<\/a> take a look at web page to see the varied iframe sandbox values in motion.<\/p>\n Google Pay partnered with Shopify to implement the above answer. Shopify was in a position to efficiently go the PCI DSS v4 audit by utilizing a sandboxed iframe to show the Google Pay button. Here’s what Shopify has to say:<\/p>\n We\u2019ve constructed Shopify Checkout in such a manner that Google Pay code executes in a safe sandboxed surroundings, permitting us to keep up the integrity of our checkout and adjust to PCI DSS V4 necessities.<\/i><\/p>\n \u2013<\/p>\n <\/sup><\/i> Ilya Grigorik, Distinguished Engineer at Shopify<\/sup><\/p><\/blockquote>\n For extra info on how Shopify constructed their checkout answer utilizing sandboxed iframes, their \u201cPowering Shopify\u2019s Excessive-Efficiency, PCI DSS v4 Compliant Checkout with Sandboxing\u201d<\/a> weblog put up has the insights.<\/p>\n Wrapping your Google Pay integration in a sandboxed iframe will help you to adjust to PCI DSS v4 necessities. For extra help along with your implementation, register to the Google Pay & Pockets Console to create a assist ticket. As well as, you possibly can be a part of the developer group within the #funds channel on Discord<\/a>.<\/p>\n Observe @GooglePayDevs<\/a> on X for future updates. When you’ve got questions, tag @GooglePayDevs<\/a> and embrace #AskGooglePayDevs in your tweets.<\/p>\n<\/div>\n <\/script> In case you are creating or sustaining a checkout web page you would possibly come throughout PCI DSS v4 which incorporates the next requirement underneath 6.4.3: All fee web page scripts which are loaded and executed within the client\u2019s browser are managed as follows:– A technique is applied to verify that every script is allowed.– […]<\/p>\n","protected":false},"author":2,"featured_media":3499,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[56],"tags":[278,3279,81,3277,2436,3278,3276],"class_list":["post-3497","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software","tag-compliance","tag-dss","tag-google","tag-iframe","tag-pay","tag-pci","tag-sandboxed"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/3497","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3497"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/3497\/revisions"}],"predecessor-version":[{"id":3498,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/3497\/revisions\/3498"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/3499"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3497"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3497"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3497"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
– A technique is applied to verify that every script is allowed.
– A technique is applied to guarantee the integrity of every script.
– A listing of all scripts is maintained with written enterprise or technical justification as to why every is critical.<\/sup><\/i><\/p><\/blockquote>\n
<\/b>Utilizing a sandboxed iframe<\/h2>\npermit=\u201dfee\u201d<\/code><\/b>:<\/p>\n
<\/b>Shopify efficiently licensed for PCI DSS v4<\/h2>\n
<\/b>Conclusion<\/h2>\n
\n
<\/p>\n","protected":false},"excerpt":{"rendered":"