SalesforceCommerceCloud
diff --git a/‎packages/commerce-sdk-react/package-lock.json‎
Lines changed: 4 additions & 7 deletions b/‎packages/commerce-sdk-react/package-lock.json‎
Lines changed: 4 additions & 7 deletions
diff --git a/‎packages/commerce-sdk-react/package.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/commerce-sdk-react/package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/pwa-kit-create-app/assets/bootstrap/js/config/default.js.hbs‎
Lines changed: 9 additions & 0 deletions b/‎packages/pwa-kit-create-app/assets/bootstrap/js/config/default.js.hbs‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎packages/pwa-kit-create-app/assets/bootstrap/js/overrides/app/ssr.js.hbs‎
Lines changed: 79 additions & 4 deletions b/‎packages/pwa-kit-create-app/assets/bootstrap/js/overrides/app/ssr.js.hbs‎
Lines changed: 79 additions & 4 deletions
diff --git a/‎packages/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/app/ssr.js.hbs‎
Lines changed: 79 additions & 4 deletions b/‎packages/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/app/ssr.js.hbs‎
Lines changed: 79 additions & 4 deletions
diff --git a/‎packages/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/config/default.js.hbs‎
Lines changed: 9 additions & 0 deletions b/‎packages/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/config/default.js.hbs‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎packages/template-retail-react-app/app/components/_app-config/index.jsx‎
Lines changed: 1 addition & 1 deletion b/‎packages/template-retail-react-app/app/components/_app-config/index.jsx‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/template-retail-react-app/app/components/forms/useAddressFields.jsx‎
Lines changed: 19 additions & 9 deletions b/‎packages/template-retail-react-app/app/components/forms/useAddressFields.jsx‎
Lines changed: 19 additions & 9 deletions
@@ -40,7 +40,7 @@
     "version": "node ./scripts/version.js"
   },
   "dependencies": {
-    "commerce-sdk-isomorphic": "5.0.0",
+    "commerce-sdk-isomorphic": "5.1.0-unstable-20260226081656",
     "js-cookie": "^3.0.1",
     "jwt-decode": "^4.0.0"
   },
 
@@ -157,6 +157,15 @@ module.exports = {
                 groupBonusProductsWithQualifyingProduct: true
             }
         },
+        // Salesforce Payments configuration
+        // Set enabled to false to disable Salesforce Payments even if the Commerce Cloud instance supports it.
+        // Example URLs: sdkUrl: 'https://<instance>.unified.demandware.net/on/demandware.static/Sites-Site/-/-/internal/jscript/sfp/v1/sfp.js'
+        //               metadataUrl: 'https://<instance>.unified.demandware.net/on/demandware.static/Sites-Site/-/-/internal/metadata/v1.json'
+        sfPayments: {
+            enabled: true,
+            sdkUrl: '',
+            metadataUrl: ''
+        },    
         // Google Cloud api config
         googleCloudAPI: {
             apiKey: process.env.GOOGLE_CLOUD_API_KEY
 
@@ -10,6 +10,7 @@
 import crypto from 'crypto'
 import express from 'express'
 import helmet from 'helmet'
+import https from 'https'
 import {createRemoteJWKSet as joseCreateRemoteJWKSet, jwtVerify, decodeJwt} from 'jose'
 import path from 'path'
 import {getRuntime} from '@salesforce/pwa-kit-runtime/ssr/server/express'
@@ -345,14 +346,21 @@ const {handler} = runtime.createHandler(options, (app) => {
             'img-src': [
                 // Default source for product images - replace with your CDN
                 '*.commercecloud.salesforce.com',
-                '*.demandware.net'
+                '*.demandware.net',
+                '*.adyen.com' // Payment gateways
             ],
             'script-src': [
                 // Used by the service worker in /worker/main.js
                 'storage.googleapis.com',
                 // Connect to Google Cloud APIs
                 'maps.googleapis.com',
-                'places.googleapis.com'
+                'places.googleapis.com',
+                // Payment gateways
+                '*.stripe.com',
+                '*.paypal.com',
+                '*.adyen.com',
+                '*.google.com',
+                '*.demandware.net', // Used to load a valid payment scripts in test environment
             ],
             'connect-src': [
                 // Connect to Einstein APIs
@@ -363,11 +371,20 @@ const {handler} = runtime.createHandler(options, (app) => {
                 'maps.googleapis.com',
                 'places.googleapis.com',
                 // Connect to SCRT2 URLs
-                '*.salesforce-scrt.com'
+                '*.salesforce-scrt.com',
+                // Payment gateways   
+                '*.demandware.net', // Used to load a valid payment scripts in test environment
+                '*.adyen.com',
+                '*.google.com'
             ],
             'frame-src': [
                 // Allow frames from Salesforce site.com (Needed for MIAW)
-                '*.site.com'
+                '*.site.com',
+                // Payment gateways
+                '*.stripe.com',
+                '*.paypal.com',
+                '*.google.com',
+                '*.adyen.com'
             ]
         }
     }
@@ -429,6 +446,64 @@ const {handler} = runtime.createHandler(options, (app) => {
     app.get('/favicon.ico', runtime.serveStaticFile('static/ico/favicon.ico'))
 
     app.get('/worker.js(.map)?', runtime.serveServiceWorker)
+
+    // Helper function to transform relative icon paths to absolute URLs
+    function transformIconPaths(data, ecomServerHost) {
+        const baseUrl = `https://${ecomServerHost}/on/demandware.static/Sites-Site/-/-/internal`
+        const dataStr = JSON.stringify(data)
+        // Replace all relative icon paths with absolute URLs
+        const transformedStr = dataStr.replace(/"src":\s*"\/icons\//g, `"src":"${baseUrl}/icons/`)
+        return JSON.parse(transformedStr)
+    }
+
+    app.get('/api/payment-metadata', async (req, res) => {
+        try {
+            // Parse the URL to extract hostname and path
+            const url = new URL(config.app.sfPayments.metadataUrl)
+            // Use Node's https module instead of fetch
+            const data = await new Promise((resolve, reject) => {
+                const options = {
+                    hostname: url.hostname,
+                    path: url.pathname,
+                    method: 'GET',
+                    rejectUnauthorized: false, // This bypasses SSL verification
+                    headers: {
+                        Accept: 'application/json'
+                    }
+                }
+
+                const req = https.request(options, (response) => {
+                    let data = ''
+                    response.on('data', (chunk) => {
+                        data += chunk
+                    })
+                    response.on('end', () => {
+                        try {
+                            resolve(JSON.parse(data))
+                        } catch (e) {
+                            reject(e)
+                        }
+                    })
+                })
+
+                req.on('error', reject)
+                req.end()
+            })
+
+            // Transform relative icon paths to absolute URLs
+            const transformedData = transformIconPaths(data, url.hostname)
+
+            res.setHeader('Access-Control-Allow-Origin', '*')
+            res.setHeader('Content-Type', 'application/json')
+            res.json(transformedData)
+        } catch (error) {
+            res.status(500).json({
+                error: 'Failed to fetch metadata',
+                details: error.message
+            })
+        }   
+    })
+    
     app.get('*', runtime.render)
 })
 // SSR requires that we export a single handler function called 'get', that
 
@@ -10,6 +10,7 @@
 import crypto from 'crypto'
 import express from 'express'
 import helmet from 'helmet'
+import https from 'https'
 import {createRemoteJWKSet as joseCreateRemoteJWKSet, jwtVerify, decodeJwt} from 'jose'
 import path from 'path'
 import {getRuntime} from '@salesforce/pwa-kit-runtime/ssr/server/express'
@@ -345,14 +346,21 @@ const {handler} = runtime.createHandler(options, (app) => {
             'img-src': [
                 // Default source for product images - replace with your CDN
                 '*.commercecloud.salesforce.com',
-                '*.demandware.net'
+                '*.demandware.net',
+                '*.adyen.com' // Payment gateways
             ],
             'script-src': [
                 // Used by the service worker in /worker/main.js
                 'storage.googleapis.com',
                 // Connect to Google Cloud APIs
                 'maps.googleapis.com',
-                'places.googleapis.com'
+                'places.googleapis.com',
+                // Payment gateways
+                '*.stripe.com',
+                '*.paypal.com',
+                '*.adyen.com',
+                '*.google.com',
+                '*.demandware.net', // Used to load a valid payment scripts in test environment
             ],
             'connect-src': [
                 // Connect to Einstein APIs
@@ -363,11 +371,20 @@ const {handler} = runtime.createHandler(options, (app) => {
                 'maps.googleapis.com',
                 'places.googleapis.com',
                 // Connect to SCRT2 URLs
-                '*.salesforce-scrt.com'
+                '*.salesforce-scrt.com',
+                // Payment gateways   
+                '*.demandware.net', // Used to load a valid payment scripts in test environment
+                '*.adyen.com',
+                '*.google.com'
             ],
             'frame-src': [
                 // Allow frames from Salesforce site.com (Needed for MIAW)
-                '*.site.com'
+                '*.site.com',
+                // Payment gateways
+                '*.stripe.com',
+                '*.paypal.com',
+                '*.google.com',
+                '*.adyen.com'
             ]
         }
     }
@@ -429,6 +446,64 @@ const {handler} = runtime.createHandler(options, (app) => {
     app.get('/favicon.ico', runtime.serveStaticFile('static/ico/favicon.ico'))
 
     app.get('/worker.js(.map)?', runtime.serveServiceWorker)
+
+    // Helper function to transform relative icon paths to absolute URLs
+    function transformIconPaths(data, ecomServerHost) {
+        const baseUrl = `https://${ecomServerHost}/on/demandware.static/Sites-Site/-/-/internal`
+        const dataStr = JSON.stringify(data)
+        // Replace all relative icon paths with absolute URLs
+        const transformedStr = dataStr.replace(/"src":\s*"\/icons\//g, `"src":"${baseUrl}/icons/`)
+        return JSON.parse(transformedStr)
+    }
+
+    app.get('/api/payment-metadata', async (req, res) => {
+        try {
+            // Parse the URL to extract hostname and path
+            const url = new URL(config.app.sfPayments.metadataUrl)
+            // Use Node's https module instead of fetch
+            const data = await new Promise((resolve, reject) => {
+                const options = {
+                    hostname: url.hostname,
+                    path: url.pathname,
+                    method: 'GET',
+                    rejectUnauthorized: false, // This bypasses SSL verification
+                    headers: {
+                        Accept: 'application/json'
+                    }
+                }
+
+                const req = https.request(options, (response) => {
+                    let data = ''
+                    response.on('data', (chunk) => {
+                        data += chunk
+                    })
+                    response.on('end', () => {
+                        try {
+                            resolve(JSON.parse(data))
+                        } catch (e) {
+                            reject(e)
+                        }
+                    })
+                })
+
+                req.on('error', reject)
+                req.end()
+            })
+
+            // Transform relative icon paths to absolute URLs
+            const transformedData = transformIconPaths(data, url.hostname)
+
+            res.setHeader('Access-Control-Allow-Origin', '*')
+            res.setHeader('Content-Type', 'application/json')
+            res.json(transformedData)
+        } catch (error) {
+            res.status(500).json({
+                error: 'Failed to fetch metadata',
+                details: error.message
+            })
+        }
+    })
+
     app.get('*', runtime.render)
 })
 // SSR requires that we export a single handler function called 'get', that
 
@@ -157,6 +157,15 @@ module.exports = {
                 groupBonusProductsWithQualifyingProduct: true
             }
         },
+        // Salesforce Payments configuration
+        // Set enabled to false to disable Salesforce Payments even if the Commerce Cloud instance supports it.
+        // Example URLs: sdkUrl: 'https://<instance>.unified.demandware.net/on/demandware.static/Sites-Site/-/-/internal/jscript/sfp/v1/sfp.js'
+        //               metadataUrl: 'https://<instance>.unified.demandware.net/on/demandware.static/Sites-Site/-/-/internal/metadata/v1.json'
+        sfPayments: {
+            enabled: true,
+            sdkUrl: '',
+            metadataUrl: ''
+        },  
         // Google Cloud api config
         googleCloudAPI: {
             apiKey: process.env.GOOGLE_CLOUD_API_KEY
 
@@ -107,7 +107,7 @@ const AppConfig = ({children, locals = {}}) => {
             defaultDnt={DEFAULT_DNT_STATE}
             // Set 'enablePWAKitPrivateClient' to true to use SLAS private client login flows.
             // Make sure to also enable useSLASPrivateClient in ssr.js when enabling this setting.
-            enablePWAKitPrivateClient={true}
+            enablePWAKitPrivateClient={false}
             privateClientProxyEndpoint={slasPrivateClientProxyEndpoint}
             // Uncomment 'hybridAuthEnabled' if the current site has Hybrid Auth enabled. Do NOT set this flag for hybrid storefronts using Plugin SLAS.
             // hybridAuthEnabled={true}
 
@@ -288,40 +288,50 @@ export default function useAddressFields({
             name: `${prefix}stateCode`,
             label: formatMessage(countryCode === 'CA' ? messages.province : messages.state),
             defaultValue: '',
-            type: 'select',
-            options: [
-                {value: '', label: ''},
-                ...(countryCode === 'CA' ? provinceOptions : stateOptions)
-            ],
+            type: countryCode === 'US' || countryCode === 'CA' ? 'select' : 'text',
+            options:
+                countryCode === 'US' || countryCode === 'CA'
+                    ? [
+                          {value: '', label: ''},
+                          ...(countryCode === 'CA' ? provinceOptions : stateOptions)
+                      ]
+                    : undefined,
             rules: {
                 required:
                     countryCode === 'CA'
                         ? 'Please select your province.' // FYI we won't translate this
-                        : formatMessage({
+                        : countryCode === 'US'
+                        ? formatMessage({
                               defaultMessage: 'Please select your state.',
                               id: 'use_address_fields.error.please_select_your_state_or_province',
                               description: 'Error message for a blank state (US-specific checkout)'
                           })
+                        : false
             },
             error: errors[`${prefix}stateCode`],
             control
         },
         postalCode: {
             name: `${prefix}postalCode`,
-            label: formatMessage(countryCode === 'CA' ? messages.postalCode : messages.zipCode),
+            label: formatMessage(countryCode === 'US' ? messages.zipCode : messages.postalCode),
             defaultValue: '',
             type: 'text',
             autoComplete: 'postal-code',
             rules: {
                 required:
                     countryCode === 'CA'
-                        ? 'Please enter your postal code.' // FYI we won't translate this
-                        : formatMessage({
+                        ? 'Please enter your postal code.'
+                        : countryCode === 'US'
+                        ? formatMessage({
                               defaultMessage: 'Please enter your zip code.',
                               id: 'use_address_fields.error.please_enter_your_postal_or_zip',
                               description:
                                   'Error message for a blank zip code (US-specific checkout)'
                           })
+                        : formatMessage({
+                              defaultMessage: 'Please enter your postal code.',
+                              id: 'use_address_fields.error.please_enter_postal_code'
+                          })
             },
             error: errors[`${prefix}postalCode`],
             control