Announcement

**Mike Hughes** · 12-Aug-2024, 08:37 AM

Hi Jonathan,

This isn't the problem where ClearAccept cannot be run in test mode is it?

**zgap111** · 12-Aug-2024, 08:50 AM

I had this problem a while back... (a problem with v18.2.2)
I can see this:

Our developer has found several reports of ‘invalid phone number’ on both sites. This is due to ClearAccept phone number validation. There is no need for the phone number to be passed to ClearAccept. We cannot guarantee that this is the problem that the buyer encountered but it is the only CA error in the recent logs and it happens on both sites. Please take appropriate backup before making the changes.

Edit OCCClearAccept.pl in the site CommonOCC folder
Search for

{'BillContact'}{'PHONE'}

This will match on 2 lines, delete both lines. The 2 lines will be

$hParams->{'paymentMethod'}{'billingDetails'}{'phone'} = $pContacts->{'BillContact'}{'PHONE'};

and

$hParams->{'customerInfo'}{'phoneNumber'} = $pContacts->{'BillContact'}{'PHONE'};

Save the file and update the site. Please monitor and let me know if this helps.

I remember the code wasn't 100% a match to their instructions but I kind of understood what needed to be done

I hashed the two lines:

Click image for larger version Name: SDCS-62143 - Two Lines of Code Hashed Out.png Views: 0 Size: 73.2 KB ID: 557406

and I also see this later on:

The phone number probably causes an error before the card fields are displayed.. Our developer has come out with another idea. To avoid having to upgrade to 18.2.3 to get the better error reporting, I have attached a Design Snapshot that will change a single layout ‘Clear Accept Fields’. The change corrects the error reporting that may occur when the buyer clicks Confirm, this is where ATM the 'object, object' message occurs and should now give a meaningful message.

I recommend making a copy of the current layout and then taking a snapshot before importing the design snapshot

This design snapshot may be applied to any 18.2.2 site to improve the error reporting.

Attached copy (cannot upload *.acd, so you need to rename it back)

Attached Files

SDCS-62143 (0a215e30-3da9-4db9-a6da-c5e793564d4f).zip (7.4 KB, 20 views)

**graphicz** · 12-Aug-2024, 10:20 AM

Hi Mike - It is in production mode.
And I am afraid the PHONE fix didn't help either

**graphicz** · 12-Aug-2024, 10:28 AM

Gary sent me the same fix and his didn't work either!

Another little ClearAccept rush of optimism turning to nothing - again...

**zgap111** · 12-Aug-2024, 11:42 AM

Searching my emails I found this...

Click image for larger version

Name: 2024-08-12_12-25-51 - Object Object.png
Views: 50
Size: 30.8 KB
ID: 557410

But this one only popped up occasionally when troubleshooting why the card fields took over 12 to 20 seconds to appear
(on a VPS server = setup due to getting PCI-DSS compliant, there's no animated "wait" indicators = customers how were in a hurry abandoned and chose Bank Transfer)
- even with the design snapshot applied, it was still giving this vague description for the error.

The phone one was the result of them seeing it in the logs - hopefully they can again.

I know SellerdeckPay is more finicky with the data (eg. non-UK characters in the name/address, not using ISO_3166-1 country codes) compared to the sunsetted Sellerdeck Payments.

**graphicz** · 12-Aug-2024, 12:48 PM

Well MeaCulpa - My Bad

I placed security headers in the htaccess file and two lines were missing a colon compared to Gary's KB post:

Code:

Header set X-Content-Type-Options "nosniff"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

Versus

Code:

Header set X-Content-Type-Options: "nosniff"
Header always set Strict-Transport-Security: "max-age=63072000; includeSubDomains"

Strange as I sourced mine off the interweb - hey ho

All now works with these headers:

Code:

# Security Headers
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always set X-Frame-Options "SAMEORIGIN"
Header set Content-Security-Policy: "frame-ancestors 'none'"
Header set X-Content-Type-Options: "nosniff"
Header always set Strict-Transport-Security: "max-age=63072000; includeSubDomains"
Header set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "accelerometer=(self), camera=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), payment=(self), usb=(self)"
</IfModule>

And A+ at https://securityheaders.com

**EdHarrison** · 12-Aug-2024, 01:23 PM

Would this possibly be why my security headers failed to verify?

Unfortunately I raised a ticket but got advised to try to find someone more familiar with ht access. (Despite them being my host)!

**graphicz** · 12-Aug-2024, 01:59 PM

I have edited my post at https://community.sellerdeck.com/for...143#post557143 to include the errant colons.

At present Ed you have Gary's headers at https://community.sellerdeck.com/for...can-compliance in your htaccess

**EdHarrison** · 12-Aug-2024, 03:03 PM

Oh brilliant so they are working OK hopefully?

Thank you

**graphicz** · 12-Aug-2024, 03:56 PM

You can test at https://securityheaders.com/

**zgap111** · 13-Aug-2024, 08:50 AM

The colon! Well done.

I only had one line that had a colon

Header set Content-Security-Policy: "frame-ancestors 'none'"

I've changed all to have a colon, scan still is green and hopefully no (new) problems.

**graphicz** · 13-Aug-2024, 09:20 AM

It's a bit crazy because those headers were sourced from the internet as they were and passed securityheaders.com.

What a nightmare we have had imposed upon us...

Announcement

Clearaccept fields not displaying correctly and [object Object] overlay

Clearaccept fields not displaying correctly and [object Object] overlay

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment