From 3658ec9491cf6a24ad81889b0a38c926229517a6 Mon Sep 17 00:00:00 2001
From: Ben Sturmfels <ben@sturm.com.au>
Date: Mon, 28 Oct 2024 17:27:07 +1100
Subject: [PATCH] supporters: Note reasoning behind use of hosted checkout

---
 conservancy/supporters/views.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/conservancy/supporters/views.py b/conservancy/supporters/views.py
index 596c8113..aab7b6ac 100644
--- a/conservancy/supporters/views.py
+++ b/conservancy/supporters/views.py
@@ -88,6 +88,12 @@ def sustainers_stripe(request):
         if form.is_valid():
             order = form.save()
             base_url = f'{request.scheme}://{request.get_host()}'
+            # There are a few options for integrating with Stripe. A common one, and
+            # possibly the least intrusive is to use the proprietary
+            # https://js.stripe.com/v3/ to embed Stripe form fields into your own
+            # form. Another embeds a hosted form in your page. The approach we've used
+            # is to redirect to a hosted checkout page. This is far from perfect, but it
+            # avoids adding proprietary JS on sfconservancy.org.
             stripe_checkout_url = create_checkout_session(
                 order.id, order.email, order.amount, order.recurring, base_url
             )