Skip to content

W-21432256: Few follow up fixes to address Basket V2-V1 gaps and content security policy headers #3728

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
amittapalli merged 10 commits into from
Mar 6, 2026
Merged

W-21432256: Few follow up fixes to address Basket V2-V1 gaps and content security policy headers #3728

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
5494666
W-21432256 Continue addressing code review comments
amittapalli Mar 6, 2026
497a4c9
W-21432256 cleanup content security policy headers
amittapalli Mar 6, 2026
9a49666
W-21432256 fix a missed lint
amittapalli Mar 6, 2026
79d79eb
W-21432256 fixed couple more linting
amittapalli Mar 6, 2026
8a44c05
W-21432256 update change log
amittapalli Mar 6, 2026
7a17308
W-21432256 update another change log
amittapalli Mar 6, 2026
21c6f31
W-21432256 additional comment in ssr.js
amittapalli Mar 6, 2026
2cf865e
Merge remote-tracking branch 'origin/develop' into amittapalli/sfp-fo…
amittapalli Mar 6, 2026
ccf6af6
W-21432256 push another changelog update
amittapalli Mar 6, 2026
52c3523
W-21432256 update query key cache for baskets v2
amittapalli Mar 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion packages/commerce-sdk-react/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
## v5.1.0-dev
- Bump commerce-sdk-isomorphic to 5.1.0
- Bump commerce-sdk-isomorphic to 5.1.0 [#3725] (https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3725)
- Add Node 24 support. Drop Node 16 support. [#3652](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3652)
- Add Shopper Consents API support [#3674](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3674)

Expand Down
2 changes: 1 addition & 1 deletion packages/commerce-sdk-react/src/hooks/ShopperBasketsV2/index.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import {cacheUpdateMatrix} from './cache'
import {ShopperBasketsMutations as mutations} from './mutation'
import * as queries from './query'

describe('Shopper Baskets hooks', () => {
describe('Shopper Baskets V2 hooks', () => {
test('all endpoints have hooks', () => {
// unimplemented = SDK method exists, but no query hook or value in mutations enum
const unimplemented = getUnimplementedEndpoints(ShopperBasketsV2, queries, mutations)
Expand Down
2 changes: 1 addition & 1 deletion packages/commerce-sdk-react/src/hooks/ShopperBasketsV2/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2023, Salesforce, Inc.
* Copyright (c) 2026, Salesforce, Inc.
* All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
* For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
Expand Down
2 changes: 1 addition & 1 deletion packages/commerce-sdk-react/src/hooks/ShopperBasketsV2/mutation.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -203,7 +203,7 @@ const emptyResponseTestCases = [
// Most test cases only apply to non-empty response test cases, some (error handling) can include deleteBasket
const allTestCases = [...nonEmptyResponseTestCases, ...emptyResponseTestCases]

describe('ShopperBaskets mutations', () => {
describe('ShopperBasketsV2 mutations', () => {
const storedCustomerIdKey = `customer_id_${DEFAULT_TEST_CONFIG.siteId}`
beforeAll(() => {
// Make sure we don't accidentally overwrite something before setting up our test state
Expand Down
12 changes: 6 additions & 6 deletions packages/commerce-sdk-react/src/hooks/ShopperBasketsV2/mutation.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@ const CLIENT_KEY = CLIENT_KEYS.SHOPPER_BASKETS_V2
type Client = NonNullable<ApiClients[typeof CLIENT_KEY]>

/**
* Mutations available for Shopper Baskets.
* @group ShopperBaskets
* Mutations available for Shopper Baskets V2.
* @group ShopperBasketsV2
* @category Mutation
* @enum
*/
Expand Down Expand Up @@ -165,16 +165,16 @@ export const ShopperBasketsMutations = {
} as const

/**
* Type for Shopper Baskets Mutation.
* @group ShopperBaskets
* Type for Shopper Baskets V2 Mutation.
* @group ShopperBasketsV2
* @category Mutation
*/
export type ShopperBasketsMutation =
(typeof ShopperBasketsMutations)[keyof typeof ShopperBasketsMutations]

/**
* Mutation hook for Shopper Baskets.
* @group ShopperBaskets
* Mutation hook for Shopper Baskets V2.
* @group ShopperBasketsV2
* @category Mutation
*/
export function useShopperBasketsMutation<Mutation extends ShopperBasketsMutation>(
Expand Down
2 changes: 1 addition & 1 deletion packages/commerce-sdk-react/src/hooks/ShopperBasketsV2/query.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ const testMap: TestMap = {
}
// Type assertion is necessary because `Object.entries` is limited
const testCases = Object.entries(testMap) as Array<[keyof TestMap, TestMap[keyof TestMap]]>
describe('Shopper Baskets query hooks', () => {
describe('Shopper Baskets V2 query hooks', () => {
beforeEach(() => nock.cleanAll())
afterEach(() => {
expect(nock.pendingMocks()).toHaveLength(0)
Expand Down
20 changes: 10 additions & 10 deletions packages/commerce-sdk-react/src/hooks/ShopperBasketsV2/query.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,11 @@ type Client = NonNullable<ApiClients[typeof CLIENT_KEY]>

/**
* Gets a basket.
* @group ShopperBaskets
* @group ShopperBasketsV2
* @category Query
* @parameter apiOptions - Options to pass through to `commerce-sdk-isomorphic`, with `null` accepted for unset API parameters.
* @parameter queryOptions - TanStack Query query options, with `enabled` by default set to check that all required API parameters have been set.
* @returns A TanStack Query query hook with data from the Shopper Baskets `getBasket` endpoint.
* @returns A TanStack Query query hook with data from the Shopper Baskets V2 `getBasket` endpoint.
* @see {@link https://developer.salesforce.com/docs/commerce/commerce-api/references/shopper-baskets?meta=getBasket| Salesforce Developer Center} for more information about the API endpoint.
* @see {@link https://salesforcecommercecloud.github.io/commerce-sdk-isomorphic/classes/shopperbaskets.shopperbaskets-1.html#getbasket | `commerce-sdk-isomorphic` documentation} for more information on the parameters and returned data type.
* @see {@link https://tanstack.com/query/latest/docs/react/reference/useQuery | TanStack Query `useQuery` reference} for more information about the return value.
Expand Down Expand Up @@ -63,11 +63,11 @@ export const useBasket = (
}
/**
* Gets applicable payment methods for an existing basket considering the open payment amount only.
* @group ShopperBaskets
* @group ShopperBasketsV2
* @category Query
* @parameter apiOptions - Options to pass through to `commerce-sdk-isomorphic`, with `null` accepted for unset API parameters.
* @parameter queryOptions - TanStack Query query options, with `enabled` by default set to check that all required API parameters have been set.
* @returns A TanStack Query query hook with data from the Shopper Baskets `getPaymentMethodsForBasket` endpoint.
* @returns A TanStack Query query hook with data from the Shopper Baskets V2 `getPaymentMethodsForBasket` endpoint.
* @see {@link https://developer.salesforce.com/docs/commerce/commerce-api/references/shopper-baskets?meta=getPaymentMethodsForBasket| Salesforce Developer Center} for more information about the API endpoint.
* @see {@link https://salesforcecommercecloud.github.io/commerce-sdk-isomorphic/classes/shopperbaskets.shopperbaskets-1.html#getpaymentmethodsforbasket | `commerce-sdk-isomorphic` documentation} for more information on the parameters and returned data type.
* @see {@link https://tanstack.com/query/latest/docs/react/reference/useQuery | TanStack Query `useQuery` reference} for more information about the return value.
Expand Down Expand Up @@ -108,11 +108,11 @@ export const usePaymentMethodsForBasket = (
}
/**
* Gets applicable price books for an existing basket.
* @group ShopperBaskets
* @group ShopperBasketsV2
* @category Query
* @parameter apiOptions - Options to pass through to `commerce-sdk-isomorphic`, with `null` accepted for unset API parameters.
* @parameter queryOptions - TanStack Query query options, with `enabled` by default set to check that all required API parameters have been set.
* @returns A TanStack Query query hook with data from the Shopper Baskets `getPriceBooksForBasket` endpoint.
* @returns A TanStack Query query hook with data from the Shopper Baskets V2 `getPriceBooksForBasket` endpoint.
* @see {@link https://developer.salesforce.com/docs/commerce/commerce-api/references/shopper-baskets?meta=getPriceBooksForBasket| Salesforce Developer Center} for more information about the API endpoint.
* @see {@link https://salesforcecommercecloud.github.io/commerce-sdk-isomorphic/classes/shopperbaskets.shopperbaskets-1.html#getpricebooksforbasket | `commerce-sdk-isomorphic` documentation} for more information on the parameters and returned data type.
* @see {@link https://tanstack.com/query/latest/docs/react/reference/useQuery | TanStack Query `useQuery` reference} for more information about the return value.
Expand Down Expand Up @@ -153,11 +153,11 @@ export const usePriceBooksForBasket = (
}
/**
* Gets the applicable shipping methods for a certain shipment of a basket.
* @group ShopperBaskets
* @group ShopperBasketsV2
* @category Query
* @parameter apiOptions - Options to pass through to `commerce-sdk-isomorphic`, with `null` accepted for unset API parameters.
* @parameter queryOptions - TanStack Query query options, with `enabled` by default set to check that all required API parameters have been set.
* @returns A TanStack Query query hook with data from the Shopper Baskets `getShippingMethodsForShipment` endpoint.
* @returns A TanStack Query query hook with data from the Shopper Baskets V2 `getShippingMethodsForShipment` endpoint.
* @see {@link https://developer.salesforce.com/docs/commerce/commerce-api/references/shopper-baskets?meta=getShippingMethodsForShipment| Salesforce Developer Center} for more information about the API endpoint.
* @see {@link https://salesforcecommercecloud.github.io/commerce-sdk-isomorphic/classes/shopperbaskets.shopperbaskets-1.html#getshippingmethodsforshipment | `commerce-sdk-isomorphic` documentation} for more information on the parameters and returned data type.
* @see {@link https://tanstack.com/query/latest/docs/react/reference/useQuery | TanStack Query `useQuery` reference} for more information about the return value.
Expand Down Expand Up @@ -198,11 +198,11 @@ export const useShippingMethodsForShipment = (
}
/**
* This method gives you the external taxation data set by the PUT taxes API. This endpoint can be called only if external taxation mode was used for basket creation. See POST /baskets for more information.
* @group ShopperBaskets
* @group ShopperBasketsV2
* @category Query
* @parameter apiOptions - Options to pass through to `commerce-sdk-isomorphic`, with `null` accepted for unset API parameters.
* @parameter queryOptions - TanStack Query query options, with `enabled` by default set to check that all required API parameters have been set.
* @returns A TanStack Query query hook with data from the Shopper Baskets `getTaxesFromBasket` endpoint.
* @returns A TanStack Query query hook with data from the Shopper Baskets V2 `getTaxesFromBasket` endpoint.
* @see {@link https://developer.salesforce.com/docs/commerce/commerce-api/references/shopper-baskets?meta=getTaxesFromBasket| Salesforce Developer Center} for more information about the API endpoint.
* @see {@link https://salesforcecommercecloud.github.io/commerce-sdk-isomorphic/classes/shopperbaskets.shopperbaskets-1.html#gettaxesfrombasket | `commerce-sdk-isomorphic` documentation} for more information on the parameters and returned data type.
* @see {@link https://tanstack.com/query/latest/docs/react/reference/useQuery | TanStack Query `useQuery` reference} for more information about the return value.
Expand Down
20 changes: 10 additions & 10 deletions packages/commerce-sdk-react/src/hooks/ShopperBasketsV2/queryKeyHelpers.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,15 +16,15 @@ export type QueryKeys = {
'/commerce-sdk-react',
'/organizations/',
string | undefined,
'/baskets/',
'/baskets/v2',
string | undefined,
Params<'getBasket'>
]
getPaymentMethodsForBasket: [
'/commerce-sdk-react',
'/organizations/',
string | undefined,
'/baskets/',
'/baskets/v2',
Copy link
Contributor

@vmarta vmarta Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@joeluong-sfcc do we need the slash '/' at the end or not? Wondering why previously it had the slash at the end

Copy link
Contributor

@vmarta vmarta Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@amittapalli please add the trailing slash to all the query keys for consistency sake. Yes, functionally, it doesn't matter because query key is just a string (not url). But we have an existing pattern/convention, which only this file does not follow. It may be confusing later in the future for us and the end users.

The Convention in This Codebase

  Looking at both files, there's a clear and deliberate pattern for trailing slashes:

  - Trailing slash → a dynamic ID segment follows immediately after
  - No trailing slash → it's a terminal static segment
                                                                                                           In ShopperBaskets:
  '/baskets/',   <-- trailing slash: basketId follows
  basketId,
  '/shipments/', <-- trailing slash: shipmentId follows
  shipmentId,
  '/payment-methods'  <-- no slash: terminal

  In ShopperBasketsV2:
  '/baskets/v2',  <-- NO trailing slash, but basketId still follows  ← inconsistent
  basketId,

  So yes, /baskets/v2 should be /baskets/v2/ to be consistent with the established convention.

  TanStack Query Best Practices (from tkdodo.eu)

  TanStack Query docs don't prescribe a specific string format — keys are opaque array tuples. The
  community best practices focus on:
  1. Hierarchy from generic → specific (which this codebase does well)
  2. Consistency within a project (which is the issue here)

  The URL-path-like format in this codebase is a local convention, not a TanStack recommendation. Since
  the strings are purely used as cache key identifiers (not as actual URLs), trailing slash consistency
  is entirely a project-style concern — but it matters because path() returns a prefix used for cache
  invalidation. An inconsistent format could cause confusion about what's intentional.

  Recommendation

  Fix the inconsistency in ShopperBasketsV2/queryKeyHelpers.ts: change /baskets/v2 → /baskets/v2/ (in
  both the QueryKeys type and all path() implementations). This aligns with the codebase's own convention
   that trailing slashes signal "a dynamic ID follows."

Copy link
Collaborator

@jeffraab-sfdc jeffraab-sfdc Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be good to consider a lint rule for this, if that's possible. Not for this case but for future development.

string | undefined,
'/payment-methods',
Params<'getPaymentMethodsForBasket'>
Expand All @@ -33,7 +33,7 @@ export type QueryKeys = {
'/commerce-sdk-react',
'/organizations/',
string | undefined,
'/baskets/',
'/baskets/v2',
string | undefined,
'/price-books',
Params<'getPriceBooksForBasket'>
Expand All @@ -42,7 +42,7 @@ export type QueryKeys = {
'/commerce-sdk-react',
'/organizations/',
string | undefined,
'/baskets/',
'/baskets/v2',
string | undefined,
'/shipments/',
string | undefined,
Expand All @@ -53,7 +53,7 @@ export type QueryKeys = {
'/commerce-sdk-react',
'/organizations/',
string | undefined,
'/baskets/',
'/baskets/v2',
string | undefined,
'/taxes',
Params<'getTaxesFromBasket'>
Expand All @@ -74,7 +74,7 @@ export const getBasket: QueryKeyHelper<'getBasket'> = {
'/commerce-sdk-react',
'/organizations/',
params?.organizationId,
'/baskets/',
'/baskets/v2',
params?.basketId
],
queryKey: (params: Params<'getBasket'>) => {
Expand All @@ -90,7 +90,7 @@ export const getPaymentMethodsForBasket: QueryKeyHelper<'getPaymentMethodsForBas
'/commerce-sdk-react',
'/organizations/',
params?.organizationId,
'/baskets/',
'/baskets/v2',
params?.basketId,
'/payment-methods'
],
Expand All @@ -107,7 +107,7 @@ export const getPriceBooksForBasket: QueryKeyHelper<'getPriceBooksForBasket'> =
'/commerce-sdk-react',
'/organizations/',
params?.organizationId,
'/baskets/',
'/baskets/v2',
params?.basketId,
'/price-books'
],
Expand All @@ -124,7 +124,7 @@ export const getShippingMethodsForShipment: QueryKeyHelper<'getShippingMethodsFo
'/commerce-sdk-react',
'/organizations/',
params?.organizationId,
'/baskets/',
'/baskets/v2',
params?.basketId,
'/shipments/',
params?.shipmentId,
Expand All @@ -143,7 +143,7 @@ export const getTaxesFromBasket: QueryKeyHelper<'getTaxesFromBasket'> = {
'/commerce-sdk-react',
'/organizations/',
params?.organizationId,
'/baskets/',
'/baskets/v2',
params?.basketId,
'/taxes'
],
Expand Down
2 changes: 1 addition & 1 deletion packages/pwa-kit-create-app/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
## v3.17.0-dev
- Add Salesforce Payments configuration to generated projects
- Add Salesforce Payments configuration to generated projects [#3725] (https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3725)
- Clear verdaccio npm cache during project generation [#3652](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3652)
- Add Node 24 support, remove legacy `url` module import. Drop Node 16 support [#3652](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3652)

Expand Down
7 changes: 3 additions & 4 deletions packages/pwa-kit-create-app/assets/bootstrap/js/config/default.js.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,10 +160,9 @@ module.exports = {
// Salesforce Payments configuration
// Set enabled to true to enable Salesforce Payments (requires the Salesforce Payments feature toggle to be enabled on the Commerce Cloud instance).
// Set enabled to false to disable Salesforce Payments on the storefront (the Commerce Cloud feature toggle is unaffected).
// sdkUrl and metadataUrl are hosted on your Commerce Cloud instance. Replace <hostname> with your instance hostname.
// This may be a demandware.net hostname (e.g., myinstance.unified.demandware.net) or a vanity/custom hostname.
// sdkUrl: 'https://<hostname>/on/demandware.static/Sites-Site/-/-/internal/jscript/sfp/v1/sfp.js'
// metadataUrl: 'https://<hostname>/on/demandware.static/Sites-Site/-/-/internal/metadata/v1.json'
// Set the sdkUrl and metadataUrl values to point to your Commerce Cloud instance host by replacing the [bm_or_vanity_host] placeholder with your Business Manager or vanity URL host name.
// sdkUrl: 'https://[bm_or_vanity_host]/on/demandware.static/Sites-Site/-/-/internal/jscript/sfp/v1/sfp.js'
// metadataUrl: 'https://[bm_or_vanity_host]/on/demandware.static/Sites-Site/-/-/internal/metadata/v1.json'
sfPayments: {
enabled: false,
sdkUrl: '',
Expand Down
17 changes: 13 additions & 4 deletions packages/pwa-kit-create-app/assets/bootstrap/js/overrides/app/ssr.js.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,14 @@ const options = {
port: 3000,

// The protocol on which the development Express app listens.
// Set DEV_SERVER_PROTOCOL to 'https' for HTTPS; defaults to 'http' when unset.
// Note that http://localhost is treated as a secure context for development,
// except by Safari.
protocol: 'http',
protocol: process.env.DEV_SERVER_PROTOCOL || 'http',

// Optional. Path to SSL certificate (.pem) for HTTPS development. Typically a
// self-signed cert for localhost; set DEV_SERVER_SSL_FILE_PATH when using https.
sslFilePath: process.env.DEV_SERVER_SSL_FILE_PATH,

// Option for whether to set up a special endpoint for handling
// private SLAS clients
Expand Down Expand Up @@ -346,7 +351,9 @@ const {handler} = runtime.createHandler(options, (app) => {
// Default source for product images - replace with your CDN
'*.commercecloud.salesforce.com',
'*.demandware.net',
'*.adyen.com' // Payment gateways
'*.adyen.com', // Payment gateways
'pay.google.com', // Google Pay payment handler icon
'www.gstatic.com' // optional, if icon is on gstatic
],
'script-src': [
// Used by the service worker in /worker/main.js
Expand Down Expand Up @@ -378,8 +385,10 @@ const {handler} = runtime.createHandler(options, (app) => {
'*.paypal.com',
'pay.google.com',
'payments.google.com',
'google.com',
'www.google.com'
'google.com/pay',
'google.com/pay/',
Copy link

@sf-mkosak sf-mkosak Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are these both needed?

Copy link
Contributor Author

@amittapalli amittapalli Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added them based on what I saw in the browser for CSP errors

Copy link
Contributor

@vmarta vmarta Mar 6, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When specifying a path for the CSP header, a trailing slash is significant. It means like matching the any requests that start with this path.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy?authuser=0#host-source

Paths that end in / match any path they are a prefix of. For example:
example.com/api/ will permit resources from example.com/api/users/new.

Paths that do not end in / are matched exactly. For example:
https://example.com/file.js permits resources from https://example.com/file.js but not https://example.com/file.js/file2.js.

So I'm guessing google.com/pay/ is sufficient, unless there's a request specifically for exactly google.com/pay.

'www.google.com/pay',
'www.google.com/pay/'
Copy link

@sf-mkosak sf-mkosak Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess same question. Do we need www. and google.com? Just want to confirm.

Copy link
Contributor Author

@amittapalli amittapalli Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added them based on what I saw in the browser for CSP errors. It would help if someone else can run the checks during our testing phase or locally. We initially had *.google.com which is not safe but google pay seems to be depending on several url patterns

],
'frame-src': [
// Allow frames from Salesforce site.com (Needed for MIAW)
Expand Down
17 changes: 13 additions & 4 deletions packages/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/app/ssr.js.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,14 @@ const options = {
port: 3000,

// The protocol on which the development Express app listens.
// Set DEV_SERVER_PROTOCOL to 'https' for HTTPS; defaults to 'http' when unset.
// Note that http://localhost is treated as a secure context for development,
// except by Safari.
protocol: 'http',
protocol: process.env.DEV_SERVER_PROTOCOL || 'http',

// Optional. Path to SSL certificate (.pem) for HTTPS development. Typically a
// self-signed cert for localhost; set DEV_SERVER_SSL_FILE_PATH when using https.
sslFilePath: process.env.DEV_SERVER_SSL_FILE_PATH,

// Option for whether to set up a special endpoint for handling
// private SLAS clients
Expand Down Expand Up @@ -346,7 +351,9 @@ const {handler} = runtime.createHandler(options, (app) => {
// Default source for product images - replace with your CDN
'*.commercecloud.salesforce.com',
'*.demandware.net',
'*.adyen.com' // Payment gateways
'*.adyen.com', // Payment gateways
'pay.google.com', // Google Pay payment handler icon
'www.gstatic.com' // optional, if icon is on gstatic
],
'script-src': [
// Used by the service worker in /worker/main.js
Expand Down Expand Up @@ -378,8 +385,10 @@ const {handler} = runtime.createHandler(options, (app) => {
'*.paypal.com',
'pay.google.com',
'payments.google.com',
'google.com',
'www.google.com'
'google.com/pay',
'google.com/pay/',
'www.google.com/pay',
'www.google.com/pay/'
],
'frame-src': [
// Allow frames from Salesforce site.com (Needed for MIAW)
Expand Down
7 changes: 3 additions & 4 deletions ...es/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/config/default.js.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,10 +160,9 @@ module.exports = {
// Salesforce Payments configuration
// Set enabled to true to enable Salesforce Payments (requires the Salesforce Payments feature toggle to be enabled on the Commerce Cloud instance).
// Set enabled to false to disable Salesforce Payments on the storefront (the Commerce Cloud feature toggle is unaffected).
// sdkUrl and metadataUrl are hosted on your Commerce Cloud instance. Replace <hostname> with your instance hostname.
// This may be a demandware.net hostname (e.g., myinstance.unified.demandware.net) or a vanity/custom hostname.
// sdkUrl: 'https://<hostname>/on/demandware.static/Sites-Site/-/-/internal/jscript/sfp/v1/sfp.js'
// metadataUrl: 'https://<hostname>/on/demandware.static/Sites-Site/-/-/internal/metadata/v1.json'
// Set the sdkUrl and metadataUrl values to point to your Commerce Cloud instance host by replacing the [bm_or_vanity_host] placeholder with your Business Manager or vanity URL host name.
// sdkUrl: 'https://[bm_or_vanity_host]/on/demandware.static/Sites-Site/-/-/internal/jscript/sfp/v1/sfp.js'
// metadataUrl: 'https://[bm_or_vanity_host]/on/demandware.static/Sites-Site/-/-/internal/metadata/v1.json'
sfPayments: {
enabled: false,
sdkUrl: '',
Expand Down
2 changes: 1 addition & 1 deletion packages/template-retail-react-app/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
## v9.1.0-dev
- [Feature] Add Salesforce Payments support in checkout
- [Feature] Add Salesforce Payments support in checkout [#3725] (https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3725)
- Update jest-fetch-mock and Jest 29 dependencies [#3663](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3663)
- Add Node 24 support. Drop Node 16 support [#3652](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3652)
- [Bugfix] Fix error toast for no applicable shipping methods in one-click checkout [#3673](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3673)
Expand Down
Loading
Loading