requirejs-config.js loading external javascripts

[ThijsdejongSNC]

Direct loading of external JS in: /view/base/requirejs-config.js
checkoutjs_test: "https://widget-acc.paazl.com/v1/checkout.js", checkoutjs_live: "https://widget.paazl.com/v1/checkout.js"

I think this is really bad design for three reasons:

• Dependency: Once the paazl server is offline the checkout of all stores will go offline. We already experienced this once due to a paazl outage on black friday two years back.
• Security: hack paazl and you can load code in all stores running this module. This wouldn't be the first example of this. Once you do that, it's easy to steal credit card into etc. That would be extremely bad press for Paazl and it's customers.
• Customisability: currently, there is no support for correct vat rates in shipping prices and we cannot alter this ourselves because it is loaded from external javascript files.

[ericclaeren]

This will break the checkout if this file is not available, this happened also a while ago with a similar Vimeo issue. Please include it locally.

[Frank-Magmodules]

hi @ThijsdejongSNC  and @ericclaeren ,

We are happy to share that we have just released the 1.10.0 version where we have the ability to use an internal copy of widget js + added fallback for the external widget js. Thanks for the detailed report and patience.

We are closing this issue now but please feel free to reopen the issue if this still occurs.