This commit is contained in:
nicolas.dorier
2018-05-25 12:55:29 +09:00
parent 01792cf299
commit 789193a0c8

View File

@@ -57,7 +57,7 @@
<p>
<ul>
<li><strong>Build the invoice's url by yourself</strong> do not trust the <code>url</code> field, this can be spoofed to use attacker's server.</li>
<li>Send a the <code>GET</code> request to the invoice's url with <code>Content-Type: application/json</code></li>
<li>Send a <code>GET</code> request to the invoice's url with <code>Content-Type: application/json</code></li>
<li>Verify that the <code>orderId</code> is from your backend, that the <code>price</code> is correct and that <code>status</code> is either <code>confirmed</code> or <code>complete</code></li>
<li>You can then ship your order</li>
</ul>