supporters: Note reasoning behind use of hosted checkout

2024-10-28 17:27:07 +11:00 · 2024-10-28 17:27:07 +11:00 · 3f4d8a4522
commit 3f4d8a4522
parent d82122daa4
1 changed files with 6 additions and 0 deletions
--- a/conservancy/supporters/views.py
+++ b/conservancy/supporters/views.py
@ -88,6 +88,12 @@ def sustainers_stripe(request):
        if form.is_valid():
            order = form.save()
            base_url = f'{request.scheme}://{request.get_host()}'
+            # There are a few options for integrating with Stripe. A common one, and
+            # possibly the least intrusive is to use the proprietary
+            # https://js.stripe.com/v3/ to embed Stripe form fields into your own
+            # form. Another embeds a hosted form in your page. The approach we've used
+            # is to redirect to a hosted checkout page. This is far from perfect, but it
+            # avoids adding proprietary JS on sfconservancy.org.
            stripe_checkout_url = create_checkout_session(
                order.id, order.email, order.amount, order.recurring, base_url
            )