Skip to content

Comments

fix: minor checkout pains#1155

Open
peelar wants to merge 9 commits intomainfrom
fix/minor-checkout
Open

fix: minor checkout pains#1155
peelar wants to merge 9 commits intomainfrom
fix/minor-checkout

Conversation

@peelar
Copy link
Member

@peelar peelar commented Dec 9, 2025
edited
Loading

Features:

  • Rework login form around a server action + client wrapper to surface errors inline and redirect users back to the active channel after sign-in.
  • Smooth out checkout flows with clearer error parsing, delivery method placeholders, safer Stripe submit, and fixes for sign-in/reset and customer attach refetching.
  • Fixed the bug with not displaying the loading state for delivery methods.

peelar and others added 5 commits December 9, 2025 09:19
@peelar
fix empty alert on forgot password error
87b3cf2
@peelar
fix handle password reset in checkout
97d0154
@peelar
fix login form
d01ba4e
@peelar @claude
Fix: Prevent double-click payment submission vulnerability in Stripe …
1a21781 
…payment form

Changed aria-disabled to disabled attribute on submit button to properly prevent form submission at the DOM level instead of just as an accessibility hint. This fixes a race condition where users could click the submit button multiple times due to async state update delays, causing duplicate payment charges.

The vulnerability occurred because:
1. aria-disabled only hints to screen readers that button is disabled
2. React state updates are batched, so there's a window where the button appears disabled but is still clickable
3. A second click would trigger another transactionInitialize() with the updated checkout amount, creating two separate PaymentIntents and charging the customer twice

This fix prevents the form from being submitted at the HTML level once isLoading is true, eliminating the race condition.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@peelar
fix delivery methods loading
c76a5b8
@peelar peelar self-assigned this Dec 9, 2025
@vercel
Copy link

vercel bot commented Dec 9, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Updated (UTC)
storefront Ready Ready Preview Dec 10, 2025 11:12am

@github-actions
Copy link

github-actions bot commented Dec 10, 2025

Differences Found

✅ No packages or licenses were added.

Summary

Expand
License Name Package Count Packages
0BSD 1
Packages
  • tslib
CC-BY-4.0 1
Packages
  • caniuse-lite
MPL-2.0 1
Packages
  • axe-core
Python-2.0 1
Packages
  • argparse
<<missing>> 2
Packages
  • busboy
  • streamsearch
CC0-1.0 2
Packages
  • language-subtag-registry
  • type-fest
BlueOak-1.0.0 3
Packages
  • jackspeak
  • package-json-from-dist
  • path-scurry
BSD-2-Clause 9
Packages
  • damerau-levenshtein
  • dotenv
  • eslint-scope
  • espree
  • esrecurse
  • estraverse
  • esutils
  • uri-js
  • webidl-conversions
BSD-3-Clause 9
Packages
  • @saleor/auth-sdk
  • asn1js
  • esquery
  • hoist-non-react-statics
  • ieee754
  • immutable
  • saleor-storefront
  • signedsource
  • source-map-js
LGPL-3.0-or-later 14
Packages
  • @img/sharp-libvips-darwin-arm64
  • @img/sharp-libvips-darwin-x64
  • @img/sharp-libvips-linux-arm
  • @img/sharp-libvips-linux-arm64
  • @img/sharp-libvips-linux-ppc64
  • @img/sharp-libvips-linux-riscv64
  • @img/sharp-libvips-linux-s390x
  • @img/sharp-libvips-linux-x64
  • @img/sharp-libvips-linuxmusl-arm64
  • @img/sharp-libvips-linuxmusl-x64
  • @img/sharp-wasm32
  • @img/sharp-win32-arm64
  • @img/sharp-win32-ia32
  • @img/sharp-win32-x64
ISC 36
Packages
  • @isaacs/cliui
  • anymatch
  • cli-width
  • cliui
  • electron-to-chromium
  • eslint-import-resolver-typescript
  • fastq
  • flatted
  • foreground-child
  • fs.realpath
  • get-caller-file
  • glob
  • glob-parent
  • graceful-fs
  • inflight
  • inherits
  • isexe
  • lru-cache
  • lucide-react
  • minimatch
  • And 16 more...
Apache-2.0 43
Packages
  • @ampproject/remapping
  • @eslint/config-array
  • @eslint/config-helpers
  • @eslint/core
  • @eslint/object-schema
  • @eslint/plugin-kit
  • @humanfs/core
  • @humanfs/node
  • @humanwhocodes/module-importer
  • @humanwhocodes/retry
  • @img/sharp-darwin-arm64
  • @img/sharp-darwin-x64
  • @img/sharp-linux-arm
  • @img/sharp-linux-arm64
  • @img/sharp-linux-ppc64
  • @img/sharp-linux-riscv64
  • @img/sharp-linux-s390x
  • @img/sharp-linux-x64
  • @img/sharp-linuxmusl-arm64
  • @img/sharp-linuxmusl-x64
  • And 23 more...
MIT 642
Packages
  • @0no-co/graphql.web
  • @adyen/adyen-web
  • @adyen/api-library
  • @alloc/quick-lru
  • @ardatan/relay-compiler
  • @ardatan/sync-fetch
  • @babel/code-frame
  • @babel/compat-data
  • @babel/core
  • @babel/generator
  • @babel/helper-annotate-as-pure
  • @babel/helper-compilation-targets
  • @babel/helper-create-class-features-plugin
  • @babel/helper-environment-visitor
  • @babel/helper-function-name
  • @babel/helper-hoist-variables
  • @babel/helper-member-expression-to-functions
  • @babel/helper-module-imports
  • @babel/helper-module-transforms
  • @babel/helper-optimise-call-expression
  • And 622 more...

@peelar peelar force-pushed the fix/minor-checkout branch from 99bcc3e to 581fd76 Compare December 10, 2025 09:33
@peelar peelar marked this pull request as ready for review December 10, 2025 11:11
@peelar peelar requested a review from a team as a code owner December 10, 2025 11:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@peelar peelar

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@peelar