checkout-sdk-js icon indicating copy to clipboard operation
checkout-sdk-js copied to clipboard

Published 20 hours ago verified publisher icon bigcommerce

executeSpamCheck now being called automatically?

Open flyingL123 opened this issue 4 years ago • 11 comments

In my checkout I had been manually calling executeSpamCheck when they payment step was loaded. It's nice to be in control of when this method is called. For example, I can check that the application is in production before executing the spam check. Now I all of a sudden am finding that when I try to submit my order during local development, the spam check is being called automatically for me by the SDK, which always fails from localhost.

This means I can't place test orders during development unless I disable spam protection for the entire store.

Can someone please advice why I am no longer able to manually control whether or not exectuteSpamCheck is called? Is this the way things are going to remain?

flyingL123 avatar Jul 14 '20 19:07 flyingL123

We have released an automatic BOT protection platform wise. This is not enabled by default, it's only triggered when fraudulent activity is detected, e.g: multiple failed payments. Maybe this is what you are experiencing?

lpschz avatar Jul 15 '20 01:07 lpschz

@capsula4 From what I'm seeing that is not accurate for 2 reason:

  1. The automatic spam check does NOT take place if I disable checkout reCAPTCHA from within the BigCommerce control panel. When you say you have released automatic BOT protection platform wide, does that depend on the setting in the control panel, or is it supposed to ignore that?

  2. Nothing I am doing should indicate fraudulent activity. Submitting the order fails on the very first attempt when I try to place an order from the local stencil storefront (localhost:3000). You can see the error from the /spam-protection endpoint in the following screenshots is causing the order submission to fail:

Screen Shot 2020-07-14 at 10 07 53 PM Screen Shot 2020-07-14 at 10 08 14 PM

Are you able to successfully submit an order from localhost?

flyingL123 avatar Jul 15 '20 02:07 flyingL123

The automatic spam check does NOT take place if I disable checkout reCAPTCHA from within the BigCommerce control panel. When you say you have released automatic BOT protection platform wide, does that depend on the setting in the control panel, or is it supposed to ignore that? The new setting ignores the CP setting. However the new recaptcha is executed during the payment step when suspicious activity is detected.

The spam protection request seems to be failing due to rate limiting. You might be calling the endpoint too soon? You could reset it by creating a new cart.

lpschz avatar Jul 23 '20 03:07 lpschz

@capsula4 I still can not sort this out. I can no longer find any way to successfully place an order from my store in development mode because the spam check always returns a rate limit response, which is clearly not true because it happens the very first time I try to place an order:

image

In development, I am not manually calling the spam check at all. The call you see in the screenshot that is returning the error is the one the SDK is triggering automatically, completely out of my control. It always returns this error response.

Have you tried placing an order yourself in development mode with the same settings? I have this box checked in Advanced Settings > Checkout:

image

And I have input my recaptcha credentials in Store Setup > Store Settings:

Screen Shot 2020-09-08 at 1 06 09 PM

Something is clearly broken here. Please help. It is very difficult to develop and troubleshoot the checkout when I can't place an order in development.

flyingL123 avatar Sep 08 '20 17:09 flyingL123

As soon as I disable this setting, the problem goes away:

image

flyingL123 avatar Sep 08 '20 17:09 flyingL123

@capsula4 has anyone been able to review this? I am completely unable to place an order in development. The request always fails with the settings in place as described above. This happens even using the default BigCommerce checkout, not the customized one through the SDK.

flyingL123 avatar Sep 16 '20 18:09 flyingL123

Hi @flyingL123, we're aware of the issue. It affects local development using Stencil CLI because we perform a domain validation behind the scene. i.e.: localhost is not one of the configured domains of your store, as a result, the request is rejected. We're looking into addressing the compatibility issue with Stencil CLI. In the meantime, you may have to temporarily disable the checkout reCaptcha feature in your sandbox store while testing your custom checkout with Stencil CLI. Alternatively, you may choose to test your custom checkout without Stencil CLI - either by uploading the theme to your sandbox store, or migrate to our new/recommended way of installing custom checkouts through Control Panel.

davidchin avatar Sep 22 '20 08:09 davidchin

Thanks for the info @davidchin

flyingL123 avatar Sep 22 '20 13:09 flyingL123

We have created an internal ticket to track this issue. CHECKOUT-4855

lpschz avatar Nov 26 '20 04:11 lpschz

Hi, do you have any updates on this issue?

szygendab avatar Aug 22 '22 14:08 szygendab

Hey @szygendab this issue has been resolved for a while now, you might need to be on the latest stencil version to test that.

animesh1987 avatar Aug 23 '22 10:08 animesh1987

closing this as resolved

bc-0dp avatar Feb 15 '24 12:02 bc-0dp