HEX
Server: nginx
System: Linux pool195-106-36.bur.atomicsites.net 6.12.57+deb12-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.57-1~bpo12+1 (2025-11-17) x86_64
User: (0)
PHP: 8.3.32
Disabled: pcntl_fork
Upload Files
File: //wordpress/plugins/woocommerce-fraud-protection/0.1.5/assets/js/paypal-express.js
/**
 * PayPal Express fetch interceptor for Woo Fraud Protection.
 *
 * Intercepts PayPal's ppc-create-order AJAX calls to inject the Blackbox
 * session ID into the request body. This allows the server-side PayPalCompat
 * handler to verify the session before PayPal order creation.
 *
 * Follows the same fetch interceptor pattern as PayPal's reCAPTCHA module.
 *
 * Resets Blackbox after the CreateOrder fetch returns so subsequent payment
 * attempts (retry, different method) get a fresh session for evaluation.
 */
( function () {
	if ( ! window.wcFraudProtection ) {
		return;
	}

	const fp = window.wcFraudProtection;
	const originalFetch = window.fetch;

	window.fetch = async function ( resource, init ) {
		init = init || {};
		// fetch() accepts string, URL, or Request objects.
		const url =
			resource instanceof Request ? resource.url : String( resource );

		if ( ! url || url.indexOf( 'ppc-create-order' ) === -1 ) {
			return originalFetch.call( this, resource, init );
		}

		// Acquire session ID (fail-open on timeout, see SESSION_ID_TIMEOUT_MS).
		const sessionId = await fp.acquireSessionId();

		try {
			const body = JSON.parse( init.body );
			body[ fp.config.sessionIdField ] = sessionId;
			init.body = JSON.stringify( body );
		} catch ( e ) {
			// Fail-open: send the request without session ID.
		}

		try {
			return await originalFetch.call( this, resource, init );
		} finally {
			// Reset Blackbox so subsequent payment attempts get a fresh session.
			fp.reset();
		}
	};
} )();