2. The unified order interface returns payment related parameters to the merchant background, such as payment jump url (parameter name "mweb_url"), and the merchant calls out the middle page of WeChat payment through mweb_url. Such as:/CGI-bin/mmpayweb-bin/checkmweb? prepay _ id = wx 27 142704550 165900 edae 527033 15 15985 & amp; package = 6007593 1 1 & amp; Redirect url=
3. Check the H5 authority and the security of the intermediate page (see the official WeChat document for specific errors).
4. If the authority is verified successfully, the payment request will be initiated on the middle page of WeChat Payment. Jump to the callback page (determined by redirect_url) after the request is completed. APP needs to listen to this request in webView and open WeChat for payment. Such as weixin://wap/pay? Prepaid id% 3dwx2718114258281033efb8751f1574826586 &; package = 296558 1453 & amp; non estr = 15459055 12 & amp; sign = CB 0 f 6 DBD 067549 a 04 aada 9 C3 eef 09 AAC
5. Jump back to the APP after WeChat payment.
HTTP Referer is part of the header. When a browser makes a request to a web server, it usually brings a Referer and tells the server which page I am linking to. The middle page of WeChat will verify Referer, and the non-secure domain name will not be loaded normally.
Redirect_url is the address of the page redirection after the middle page of WeChat evokes WeChat payment. After the middle page evokes WeChat payment, it will jump to the specified redirect_url. Moreover, when the payment is completed, the WeChat APP also calls back the result through redirect_url, which is usually the page address, so the payment of WeChat will open the Safari browser. By modifying redirect_url, this article can jump back to the current APP after WeChat payment.
The secure domain name of WeChat H5 payment needs to be configured as scheme, and WeChat payment will jump back to the APP through this scheme.
Then intercept the middle page of WeChat (the request starting with "") in the shouldStartLoadWithRequest: method, and intercept redirect_url. If redirect_url has been replaced by scheme, do not block it. If it is not replaced, intercept the request and save the current redirect_url. Create a new WeChat middle page request and replace redirect_url with "secure domain name://"(WeChat will open the current APP through openURL after payment. If you don't replace redirect_url, WeChat will open Safari browser after payment. )。 Set "Referer" as the secure domain name (WeChat will verify Referer, otherwise the secure domain name will fail to load) and reload the request.
After the middle page of WeChat is successfully loaded, you will receive a request to open WeChat. Use openurl: Open this url to jump to WeChat payment.
When the middle page of WeChat jumps to WeChat, the page will be redirected to redirect_url. Since the redirect_url was changed to scheme by us, we need to intercept this illegal scheme request and replace it with the redirect_url of the record.
Take UIWebView as an example.
There is also an article about H5 payment package, which can be used not only on the webpage, but also on this machine. See: iOS-H5 payment (WeChat, Alipay) native package.