Skip to content

Comments

fix: minor checkout pains#1155

Open
peelar wants to merge 9 commits intomainfrom
fix/minor-checkout
Open

fix: minor checkout pains#1155
peelar wants to merge 9 commits intomainfrom
fix/minor-checkout

Conversation

@peelar
Copy link
Member

@peelar peelar commented Dec 9, 2025

Features:

  • Rework login form around a server action + client wrapper to surface errors inline and redirect users back to the active channel after sign-in.
  • Smooth out checkout flows with clearer error parsing, delivery method placeholders, safer Stripe submit, and fixes for sign-in/reset and customer attach refetching.
  • Fixed the bug with not displaying the loading state for delivery methods.

peelar and others added 5 commits December 9, 2025 09:19
…payment form

Changed aria-disabled to disabled attribute on submit button to properly prevent form submission at the DOM level instead of just as an accessibility hint. This fixes a race condition where users could click the submit button multiple times due to async state update delays, causing duplicate payment charges.

The vulnerability occurred because:
1. aria-disabled only hints to screen readers that button is disabled
2. React state updates are batched, so there's a window where the button appears disabled but is still clickable
3. A second click would trigger another transactionInitialize() with the updated checkout amount, creating two separate PaymentIntents and charging the customer twice

This fix prevents the form from being submitted at the HTML level once isLoading is true, eliminating the race condition.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@peelar peelar self-assigned this Dec 9, 2025
@vercel
Copy link

vercel bot commented Dec 9, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Updated (UTC)
storefront Ready Ready Preview Dec 10, 2025 11:12am

@github-actions
Copy link

Differences Found

✅ No packages or licenses were added.

Summary

Expand
License Name Package Count Packages
0BSD 1
Packages
  • tslib
CC-BY-4.0 1
Packages
  • caniuse-lite
MPL-2.0 1
Packages
  • axe-core
Python-2.0 1
Packages
  • argparse
<<missing>> 2
Packages
  • busboy
  • streamsearch
CC0-1.0 2
Packages
  • language-subtag-registry
  • type-fest
BlueOak-1.0.0 3
Packages
  • jackspeak
  • package-json-from-dist
  • path-scurry
BSD-2-Clause 9
Packages
  • damerau-levenshtein
  • dotenv
  • eslint-scope
  • espree
  • esrecurse
  • estraverse
  • esutils
  • uri-js
  • webidl-conversions
BSD-3-Clause 9
Packages
  • @saleor/auth-sdk
  • asn1js
  • esquery
  • hoist-non-react-statics
  • ieee754
  • immutable
  • saleor-storefront
  • signedsource
  • source-map-js
LGPL-3.0-or-later 14
Packages
  • @img/sharp-libvips-darwin-arm64
  • @img/sharp-libvips-darwin-x64
  • @img/sharp-libvips-linux-arm
  • @img/sharp-libvips-linux-arm64
  • @img/sharp-libvips-linux-ppc64
  • @img/sharp-libvips-linux-riscv64
  • @img/sharp-libvips-linux-s390x
  • @img/sharp-libvips-linux-x64
  • @img/sharp-libvips-linuxmusl-arm64
  • @img/sharp-libvips-linuxmusl-x64
  • @img/sharp-wasm32
  • @img/sharp-win32-arm64
  • @img/sharp-win32-ia32
  • @img/sharp-win32-x64
ISC 36
Packages
  • @isaacs/cliui
  • anymatch
  • cli-width
  • cliui
  • electron-to-chromium
  • eslint-import-resolver-typescript
  • fastq
  • flatted
  • foreground-child
  • fs.realpath
  • get-caller-file
  • glob
  • glob-parent
  • graceful-fs
  • inflight
  • inherits
  • isexe
  • lru-cache
  • lucide-react
  • minimatch
  • And 16 more...
Apache-2.0 43
Packages
  • @ampproject/remapping
  • @eslint/config-array
  • @eslint/config-helpers
  • @eslint/core
  • @eslint/object-schema
  • @eslint/plugin-kit
  • @humanfs/core
  • @humanfs/node
  • @humanwhocodes/module-importer
  • @humanwhocodes/retry
  • @img/sharp-darwin-arm64
  • @img/sharp-darwin-x64
  • @img/sharp-linux-arm
  • @img/sharp-linux-arm64
  • @img/sharp-linux-ppc64
  • @img/sharp-linux-riscv64
  • @img/sharp-linux-s390x
  • @img/sharp-linux-x64
  • @img/sharp-linuxmusl-arm64
  • @img/sharp-linuxmusl-x64
  • And 23 more...
MIT 642
Packages
  • @0no-co/graphql.web
  • @adyen/adyen-web
  • @adyen/api-library
  • @alloc/quick-lru
  • @ardatan/relay-compiler
  • @ardatan/sync-fetch
  • @babel/code-frame
  • @babel/compat-data
  • @babel/core
  • @babel/generator
  • @babel/helper-annotate-as-pure
  • @babel/helper-compilation-targets
  • @babel/helper-create-class-features-plugin
  • @babel/helper-environment-visitor
  • @babel/helper-function-name
  • @babel/helper-hoist-variables
  • @babel/helper-member-expression-to-functions
  • @babel/helper-module-imports
  • @babel/helper-module-transforms
  • @babel/helper-optimise-call-expression
  • And 622 more...

@peelar peelar marked this pull request as ready for review December 10, 2025 11:11
@peelar peelar requested a review from a team as a code owner December 10, 2025 11:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant