goread icon indicating copy to clipboard operation
goread copied to clipboard

Published 20 hours ago verified publisher icon mjibson

Make subscriptions / donations page HTTPS (+ add PayPal/Flattr option)

Open study2k10 opened this issue 11 years ago • 5 comments

I just checked out the "Upgrade" page, and unfortunately I don't have a credit card to either subscribe or donate. Since I plan to donate money in the future (to value your development effort) I'd like to do this via PayPal and/or Flattr.

Also I noticed that the actual credit card form page seems to be insecure (e.g. no HTTPS / certificate), even if there's a text in the lower right saying it's a "Secure Connection". Maybe this is due to embedding the process into Go Read's pages? I don't feel very confident with those pages at the moment really ...

study2k10 avatar Jul 12 '13 10:07 study2k10

It's secured through stripe, one of the most secure ways to do credit card payments. They handle all PCI compliance and security. No CC data ever passes through my servers, and there is no way for me to even request CC information. This all happens in a secured AJAX request. However, adding HTTPS to ease people's concerns (and a MITM attack) would be good, yes.

I will never support paypal. I'm considering google wallet if enough people ask for it. Flattr I've never heard of. Leaving this open for HTTPS support.

maddyblue avatar Jul 12 '13 15:07 maddyblue

I would be interested in seeing Google Wallet support, they also handle PCI compliance as well as allow subscriptions.

vendion avatar Aug 22 '13 12:08 vendion

So I just paid with Stripe and it's stuck on this screen and I'm still getting ads. :(

-316

haacked avatar Sep 04 '13 22:09 haacked

goread still thinks you have a free account, and there's no record of you in stripe. Also, I see no requests to the checkout route on your user for the last 17 minutes. (That's the oldest log for your user.) Don't try again - it's broken at the moment.

Getting ads is surprising, since I removed them completely some weeks ago.

Update: stripe got your cc info, but it appears that goread never then requested a payment on it. Since I didn't see any server requests, I suspect this is a javascript error. Yes, I tried to sub on my own account and got the same behavior. Will fix.

maddyblue avatar Sep 04 '13 22:09 maddyblue

This has been fixed. Minor API change in angularjs caused the ajax request to be only queued and not sent. I believe it would have worked had you clicked on anything, which would have run the queues.

maddyblue avatar Sep 05 '13 03:09 maddyblue