Allow supplying custom card information, fixes #213, #40 #221
Conversation
|
|
||
| import '../config.dart'; | ||
|
|
||
| class CustomCardPaymentScreen extends StatefulWidget { |
There was a problem hiding this comment.
I personally think we should not add an example for this. Reason is that I noticed not a lot of people understand the seriousness of PCI complaince and not a lot read the docs.
There was a problem hiding this comment.
I disagree - it's a very important part for Android users that cannot update to the latest Flutter, not mentioning that it's not even fixed properly there yet
There was a problem hiding this comment.
plus the CardField still has limited styling capabilities
There was a problem hiding this comment.
I agree with @remonh87. We should be careful about making this so open. People will go and copy this code and use it in their apps without understanding completely the consequences of it
There was a problem hiding this comment.
so what do you propose? what are the alternatives?
| children: [ | ||
| Padding( | ||
| padding: EdgeInsets.all(16), | ||
| child: Text( |
There was a problem hiding this comment.
Or if you feel the need to add an example add a huge disclaimer in the text e.g.: Using the method dangerouslyUpdateCArdDetails implies that you are not using the PCI compliant native Stripe elements. You need to arrange PCI compliance within your organisation for more info see: “ https://stripe.com/en-se/guides/pci-compliance”
There was a problem hiding this comment.
it's part of the method documentation and method name itself - I feel that that's enough
There was a problem hiding this comment.
Add in the header plus menu entry “warning not PCI compliant”
example/lib/screens/screens.dart
Outdated
| @@ -28,6 +29,10 @@ class Example { | |||
| title: 'Card payment without webhooks', | |||
| builder: (c) => NoWebhookPaymentScreen(), | |||
| ), | |||
| Example( | |||
| title: 'Card payment with Flutter native card input', | |||
There was a problem hiding this comment.
Maybe add here the term (PCI compliant)
There was a problem hiding this comment.
what exactly do you mean? Do you mean to add "(not PCI compliant)"?
| /// PCI compliance requirements. Make sure that you're not mistakenly logging | ||
| /// or storing full card details! See the docs for | ||
| /// details: https://stripe.com/docs/security/guide#validating-pci-compliance | ||
| Future<void> dangerouslyUpdateCardDetails(CardDetails card) async { |
Yes, it's not perfect due to creating a fake Android / iOS native view (not added to the view hierarchy) but doing it properly would require major refactoring on the React Native side as well. Please tell me if you have a better idea 👍