我有两个脚本,一个用于计算购物车中商品的总数,另一个用于将变量传递给PayPal API。是否可以将此变量从购物车脚本传递到PayPal脚本,而无需他人能够从控制台更改其值?否则,人们将能够确定他们想为物品支付多少并将信息发送到PayPal。这是我的代码:
购物车:
```
var total = 0; //Total for all the items in the shopping cart, value is passed off to paypal-buttons.js to complete the checkout.
// Calculates values items in cart depending on quantity
function addData(clicked_id, quantity) {
var price = values[clicked_id].price;
var qty = document.getElementById(quantity).value;
var lineTotal = price * qty;
total += lineTotal;
document.getElementById("total").innerHTML = total;
addRow(clicked_id, qty, lineTotal);
}
PayPal:
paypal.Buttons({
style: {
shape: 'rect',
color: 'gold',
layout: 'vertical',
label: 'checkout',
},
createOrder: function(data, actions) {
return actions.order.create({
purchase_units: [{
amount: {
value: total
}
}]
});
},
onApprove: function(data, actions) {
return actions.order.capture().then(function(details) {
alert('Thank you for your order ' + details.payer.name.given_name + ', your equipment is on its way!');
});
}
}).render('#paypal-button-container');
我想将“ total”的值从购物车发送到PayPal。我可能会尝试使用混淆处理作为部分解决方案,但我希望它比那时更安全。
防止恶意客户端更改的唯一方法是切换到服务器端集成,以进行API调用来设置和捕获付款。这是UI的演示模式:
https://developer.paypal.com/demo/checkout/#/pattern/server
这里是从服务器实施必需的v2 / orders API调用的指南:
https://developer.paypal.com/docs/checkout/reference/server-integration/