fix(rcart): use popup for Transak in all environments

Transak production also sends X-Frame-Options: SAMEORIGIN, blocking iframe embeds. Switch to popup window for all environments, not just staging. Show "payment opened in new window" status with re-open button. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-03 02:26:30 +00:00 · 2026-04-03 02:26:30 +00:00 · 3c801aecaf
parent 1b8fcbdf47
commit 3c801aecaf
1 changed files with 15 additions and 23 deletions
--- a/modules/rcart/components/folk-payment-page.ts
+++ b/modules/rcart/components/folk-payment-page.ts
@ -158,21 +158,19 @@ class FolkPaymentPage extends HTMLElement {
 			// Listen for Transak postMessage events
 			window.addEventListener('message', this.handleTransakMessage);

-			// Staging blocks iframes (X-Frame-Options: sameorigin) — use popup
-			if (this.transakEnv === 'STAGING') {
-				this.transakPopup = window.open(
-					data.widgetUrl,
-					'transak-payment',
-					'width=450,height=700,scrollbars=yes,resizable=yes',
-				);
-				// Poll for popup close (user cancelled)
-				const popupPoll = setInterval(() => {
-					if (this.transakPopup?.closed) {
-						clearInterval(popupPoll);
-						this.transakPopup = null;
-					}
-				}, 1000);
-			}
+			// Transak blocks iframes (X-Frame-Options: sameorigin) — always use popup
+			this.transakPopup = window.open(
+				data.widgetUrl,
+				'transak-payment',
+				'width=450,height=700,scrollbars=yes,resizable=yes',
+			);
+			// Poll for popup close (user cancelled)
+			const popupPoll = setInterval(() => {
+				if (this.transakPopup?.closed) {
+					clearInterval(popupPoll);
+					this.transakPopup = null;
+				}
+			}, 1000);
 		} catch (e) {
 			this.error = e instanceof Error ? e.message : String(e);
 		}
@ -570,9 +568,8 @@ class FolkPaymentPage extends HTMLElement {

 	private renderCardTab(): string {
 		if (this.transakUrl) {
-			// Staging: Transak blocks iframes, show popup status instead
-			if (this.transakEnv === 'STAGING') {
-				return `
+			// Transak blocks iframes (X-Frame-Options: sameorigin) — show popup status
+			return `
 				<div class="tab-body" style="text-align:center">
 					<div class="transak-popup-status">
 						<p class="tab-desc">Transak payment opened in a new window.</p>
@ -580,11 +577,6 @@ class FolkPaymentPage extends HTMLElement {
 						<button class="btn" data-action="reopen-transak" style="margin-top:0.5rem">Re-open Payment Window</button>
 					</div>
 				</div>`;
-			}
-			return `
-				<div class="transak-container">
-					<iframe src="${this.transakUrl}" class="transak-iframe" allow="camera;microphone;payment" frameborder="0"></iframe>
-				</div>`;
 		}

 		return `