javascript info

Author: 0xNe0x1

docs/payments/donations/button.md

@@ -204,6 +204,22 @@ let verified = await verify({
 
 if(!verified){ throw('Request was not authentic!') }
 ```
+:::info
+Always validate the unmodified raw request body. Many JavaScript frameworks automatically parse and alter the payload when using `req.body`, which can cause signature verification to fail. Ensure you access the raw, unprocessed data to guarantee accurate signature recovery:
+```javascript
+app.use(express.json({
+  verify: (req, res, buf, encoding) => {
+    req.rawBody = buf.toString(encoding);
+  }
+}));
+
+let verified = await verify({
+  signature: req.headers['x-signature'],
+  data: req.rawBody,
+  publicKey,
+});
+```
+:::
 
 </TabItem>
 

docs/payments/donations/link.md

@@ -153,6 +153,22 @@ let verified = await verify({
 
 if(!verified){ throw('Request was not authentic!') }
 ```
+:::info
+Always validate the unmodified raw request body. Many JavaScript frameworks automatically parse and alter the payload when using `req.body`, which can cause signature verification to fail. Ensure you access the raw, unprocessed data to guarantee accurate signature recovery:
+```javascript
+app.use(express.json({
+  verify: (req, res, buf, encoding) => {
+    req.rawBody = buf.toString(encoding);
+  }
+}));
+
+let verified = await verify({
+  signature: req.headers['x-signature'],
+  data: req.rawBody,
+  publicKey,
+});
+```
+:::
 
 </TabItem>
 

docs/payments/donations/widget.md

@@ -325,6 +325,22 @@ let verified = await verify({
 
 if(!verified){ throw('Request was not authentic!') }
 ```
+:::info
+Always validate the unmodified raw request body. Many JavaScript frameworks automatically parse and alter the payload when using `req.body`, which can cause signature verification to fail. Ensure you access the raw, unprocessed data to guarantee accurate signature recovery:
+```javascript
+app.use(express.json({
+  verify: (req, res, buf, encoding) => {
+    req.rawBody = buf.toString(encoding);
+  }
+}));
+
+let verified = await verify({
+  signature: req.headers['x-signature'],
+  data: req.rawBody,
+  publicKey,
+});
+```
+:::
 
 </TabItem>
 

docs/payments/integrate/button.md

@@ -221,6 +221,22 @@ let verified = await verify({
 
 if(!verified){ throw('Request was not authentic!') }
 ```
+:::info
+Always validate the unmodified raw request body. Many JavaScript frameworks automatically parse and alter the payload when using `req.body`, which can cause signature verification to fail. Ensure you access the raw, unprocessed data to guarantee accurate signature recovery:
+```javascript
+app.use(express.json({
+  verify: (req, res, buf, encoding) => {
+    req.rawBody = buf.toString(encoding);
+  }
+}));
+
+let verified = await verify({
+  signature: req.headers['x-signature'],
+  data: req.rawBody,
+  publicKey,
+});
+```
+:::
 
 </TabItem>
 

docs/payments/integrate/link.md

@@ -374,6 +374,22 @@ let verified = await verify({
 
 if(!verified){ throw('Request was not authentic!') }
 ```
+:::info
+Always validate the unmodified raw request body. Many JavaScript frameworks automatically parse and alter the payload when using `req.body`, which can cause signature verification to fail. Ensure you access the raw, unprocessed data to guarantee accurate signature recovery:
+```javascript
+app.use(express.json({
+  verify: (req, res, buf, encoding) => {
+    req.rawBody = buf.toString(encoding);
+  }
+}));
+
+let verified = await verify({
+  signature: req.headers['x-signature'],
+  data: req.rawBody,
+  publicKey,
+});
+```
+:::
 
 </TabItem>
 

docs/payments/tips/button.md

@@ -205,6 +205,23 @@ let verified = await verify({
 if(!verified){ throw('Request was not authentic!') }
 ```
 
+:::info
+Always validate the unmodified raw request body. Many JavaScript frameworks automatically parse and alter the payload when using `req.body`, which can cause signature verification to fail. Ensure you access the raw, unprocessed data to guarantee accurate signature recovery:
+```javascript
+app.use(express.json({
+  verify: (req, res, buf, encoding) => {
+    req.rawBody = buf.toString(encoding);
+  }
+}));
+
+let verified = await verify({
+  signature: req.headers['x-signature'],
+  data: req.rawBody,
+  publicKey,
+});
+```
+:::
+
 </TabItem>
 
 <TabItem value="java" label="Java" default>

docs/payments/tips/link.md

@@ -147,6 +147,22 @@ let verified = await verify({
 
 if(!verified){ throw('Request was not authentic!') }
 ```
+:::info
+Always validate the unmodified raw request body. Many JavaScript frameworks automatically parse and alter the payload when using `req.body`, which can cause signature verification to fail. Ensure you access the raw, unprocessed data to guarantee accurate signature recovery:
+```javascript
+app.use(express.json({
+  verify: (req, res, buf, encoding) => {
+    req.rawBody = buf.toString(encoding);
+  }
+}));
+
+let verified = await verify({
+  signature: req.headers['x-signature'],
+  data: req.rawBody,
+  publicKey,
+});
+```
+:::
 
 </TabItem>
 

docs/payments/tips/widget.md

@@ -325,6 +325,22 @@ let verified = await verify({
 
 if(!verified){ throw('Request was not authentic!') }
 ```
+:::info
+Always validate the unmodified raw request body. Many JavaScript frameworks automatically parse and alter the payload when using `req.body`, which can cause signature verification to fail. Ensure you access the raw, unprocessed data to guarantee accurate signature recovery:
+```javascript
+app.use(express.json({
+  verify: (req, res, buf, encoding) => {
+    req.rawBody = buf.toString(encoding);
+  }
+}));
+
+let verified = await verify({
+  signature: req.headers['x-signature'],
+  data: req.rawBody,
+  publicKey,
+});
+```
+:::
 
 </TabItem>