Upgrade jQuery to version 3.4.0 or higher.

[AndyC]

Hi

I am trying to pass my certificate to be able to take money via my website directly.and am now down to my last 3.

Quoted from my host company that has been helping me

Quote

Upgrade jQuery to version 3.4.0 or higher. This includes versions of jQuery used on the root domain, subdomain, or imported/sourced libraries.
this involves the process where your site developer should identify the code in your site related to jQuery and make sure that there are no versions prior to jQuery 3.4. In many cases, this could be resolved also by installing the latest versions of the themes and the plugins and extensions that are used on the site.

How can I go about finding these . I suppose if it's a module I will have to either disable or remove it till it's higher
 

[Traumflug]

It's certainly not as simple as clicking an 'update' button. thirty bees comes with a plethora of jQuery related files, one can update only all or nothing.

On top of this, jQuery 3 is similar, but not entirely compatible with jQuery 1. There are compatibility files for mitigating the distinction.

That said, jQuery 1.12 is considered to be safe (and compatible with the current 1.11.1). A request to update to 3.4 looks like a simple "use always the highest version number"-policy, without looking at the actual risks.

[haylau]

5 hours ago, AndyC said:

Hi

I am trying to pass my certificate to be able to take money via my website directly.
 

What certificate? PCI?

I don't remember such detailed requirements. 

[AndyC]

Yes from Security Metrics .Anyone who uses Braintree needs this

I've copied and pasted the failed results

[haylau]

We use Trustwave with PayPal and have not (so far) had to do that scan. To be fair we have now switched so that all processing is done on the PayPal (or Stripe) page . One less thing to think about with SCA rearing it's head

I do wonder if it is linked to this warning message that Chrome has started giving

 

[AndyC]

Just had a reply back and there is no way around it, I have to update..

My only alternative is to find another solution that will work with being able to take credit card details on site and include paypal

[musicmaster]

I saw that Prestashop is planning  for 1.7.7 to "upgrading all the outdated jQuery versions to the latest version in all stacks without introducing breaking changes, thanks to jQuery migrate".

Could that be an idea for Thirty Bees too?

Edited November 30, 2019 by musicmaster

[AndyC]

Well if it failing PCI it doesn't just mean me .Anyone using Braintree is trading illegally. I don't really know but if there are vulnerabilities it can't be good for shoppers knowing they can have their details stolen. So there must be other modules that are in the same boat

Edited November 30, 2019 by AndyC

[datakick]

Any merchant that wants to process, store or transmit credit card data is required to be PCI compliant. The solution is simple - don't do that. 

You can choose a payment provider which complies with the PCI, and which can process, store or transmit card data, so you can avoid the whole struggle with PCI. This means that the payment company you work with processes the payments itself, so your website doesn't touch customer's cards details. They take all the PCI burden themselves.

Now, if some payment provider have requirements on stores they integrate with is a completely different topic. It's not PCI, it's a vendor-specific requirement. Braintree, of course, can have any criteria for their partners. But that doesn't mean you are in breach of PCI.

[AndyC]

Hi .. I was just going by what I was advised at the time of started with Braintree so I have stuck with them as they have PayPal included. I would like to move away from having to be PCI compliant as it's just 1 less hassle

Are there any (preferably)  free modules now that let you take card payments from your website. I have seen 2 new ones arrive ..Are they any good

[datakick]

There's a native paypal thirtybees module that works fairly well. And of course there's stripe. I would love to use it myself, unfortunately striped does not support my country yet.

[AndyC]

1 minute ago, datakick said:

stripe.

Used to use stripe but you leave your website to pay ..Well it used to that's why I left it for Braintree.. Or have things changed TB.. Zencart when people paid you left your site and went over to stripe url ,much like PayPal

[datakick]

8 minutes ago, AndyC said:

but you leave your website to pay

That is exactly what makes you PCI compliant. 

And let me tell you, there's nothing wrong with leaving your site.

In fact, it might help your sales. When some website ask for card details directly, I become very nervous. And unless the website belongs to a well-known company, I leave without completing the purchase. I'm just too scared to send my card details to anyone

[AndyC]

Yes I know .. But I don't store any card details ..All I store is the name and Postal Code and a  Transaction Id that is only located in braintree.

[datakick]

21 minutes ago, AndyC said:

Yes I know .. But I don't store any card details ..All I store is the name and Postal Code and a  Transaction Id that is only located in braintree.

You don't need to store them. As long as you have card detail input fields on your site, you are processing and transfering credit card data. And you need to be PCI compliant for that.

But I think we have highjacked this discussion. It's about jquery update, not about PCI compliance.

[doclucas]

@AndyC, totally agree with @datakick - leaving the site to pay can actually be a good thing. I know I never lost a single sale because of that (using both Paypal IPN modules and 2checkout INS module which has a Paypal option as well).

As for jQuery, I like what PS is doing lately, as @musicmaster mentioned, jQuery migrate is useful.

As a side note, I also much prefer Twig (used by OpenCart for a while and by PS 1.7+) over Smarty. And if TB already started breaking backward PS 1.6 compatibility with the new 1.1.x branch by uprading smarty without implementing a backward compatibility layer, would have probably been better to switch to Twig IMHO.

 

P.S. You can design the external payment pages to look very similar to your website as if the customer is still on your site. sorta.

Edited December 5, 2019 by doclucas

[AndyC]

OK. I am willing to try 1 .Or at least look at how it run on TB.

Which ones can you recommend to be reliable and  trustworthy

[doclucas]

I personally have a good experience with 2checkout paymeny system, via a different platform tho (osCommerce, for which I wrote the payment module myself), but as long as you have an up to date 2checkout module to use on any platform it should work well.
That said, USA based businesses have the biggest availability of payment processing options and thus the lowest fees, but UK should have many too I suppose. I don't have many reasonable payment processing options where I operate from.

[AndyC]

I've started with 2 checkout as I want PayPal as a option as well...

I know this is off topic but have just lost another sale (not the first) because they can't see the payment option.. I wish they would remove this 

[doclucas]

Yeah, totally off topic, mate. I don't know if you applied for a 2checkout account and got an active 2checkout account yet or if your module is configured correctly.
Please start a separate thread so that this can be discussed there.
 

Edited December 5, 2019 by doclucas

[AndyC]

mmmmm Have I installed the wrong 1. it looks as though you still pay on my site

Ignore overlap for now ..May be Braintree causing a issue