
I'm asking here because there seem to be zero resources online about this kind of thing. I've built a single-page e-commerce website that uses Stripe, Laravel, VueJS, Vue Router and Vuex.

Everything works perfectly. This is the checkout process for the payment:

  1. User enters card details using Stripe Elements which generates a Stripe card token (from within an iframe, so no PCI issues there)
  2. This card token is then given to the server through an AJAX request, where it stores the card token against the order in the database
  3. When the user clicks "confirm", the charge is completed using the stored card token

I can't seem to find any other websites that use checkout SPAs so my question is, can you see any potential security issues here? I've been debating whether to just rebuild this thing using the traditional approach, but the way it works currently is seamless and so easy to use.

user373688
  • Many traditional ecommerce sites do checkout on one page, no? – Xiong Chiamiov Mar 29 '17 at 14:42
  • @XiongChiamiov Yes, I believe they do - but they're a single page in the sense that it's all on one page. I'm talking about an actual Single Page Application using Vue, React or Angular. – user373688 Mar 29 '17 at 14:46
  • Has the code gone through any kind of deep analysis or attack testing to make sure it's not got any risks? Just asking if a single page app has security risks is broad and kind of like asking "What do you do to protect your computer" to the general public - without deeper code analysis and attack testing against the web app page, it's impossible to answer in any type of "narrow scope" – Thomas Ward Mar 31 '17 at 07:14

0 Answers