Change stripe payments to do server side redirect

mhagander · mhagander · commit b23da5c2a661 · 2025-08-26T12:06:03.000+02:00
It makes little sense to load a separate page, which loads a third party
javascript, and then executes it inline just to perform a redirect to an
URL that's already in the response from the API.

It does lead to one extra (cheap) stripe api call if the user initates
the payment at stripe, doesn't complete it, and rstarts the process from
the invoice. But in all other (thus, the normal) cases it leads to less
calls, and avoiding to load 3rd party javascript inline in general is a
good thing.
diff --git a/docs/invoices/payment.md b/docs/invoices/payment.md
@@ -257,8 +257,7 @@ This module requires the Python module `braintree` to be installed.
 #### Stripe Creditcard
 
 This method uses the Stripe creditcard system. This uses the Stripe
-"Checkout" system, which uses a mix of server-side code and hosted
-javascript, with the actual payment form entirely hosted by Stripe.
+"Checkout" system. This uses hosted payment forms at Stripe.
 
 #### Trustly Banktransfer
 
diff --git a/postgresqleu/stripepayment/views.py b/postgresqleu/stripepayment/views.py
@@ -43,8 +43,12 @@ def invoicepayment_secret(request, paymentmethod, invoiceid, secret):
             # user has multiple tabs open.
             return HttpResponseRedirect("/invoices/{0}/{1}/".format(invoice.id, invoice.recipient_secret))
 
-        # Else session exists but is not completed, so send it through back to Stripe
-        # again.
+        # Else session exists but is not completed, so fetch the session and send the user
+        # back to Stripe.
+        StripeLog(message="Re-fetching session {0} (id {1}) for another try.".format(co.id, co.sessionid),
+                  paymentmethod=method).save()
+        r = api.secret('checkout/sessions/{}'.format(co.sessionid))
+        sessionurl = r.json()['url']
     except StripeCheckout.DoesNotExist:
         # Create a new checkout session
         co = StripeCheckout(createdat=timezone.now(),
@@ -76,14 +80,12 @@ def invoicepayment_secret(request, paymentmethod, invoiceid, secret):
             return HttpResponse("Unable to create Stripe payment session: {}".format(r.status_code))
         j = r.json()
         co.sessionid = j['id']
+        sessionurl = j['url']
         co.paymentintent = j['payment_intent']
         co.save()
 
-    return render(request, 'stripepayment/payment.html', {
-        'invoice': invoice,
-        'stripekey': pm.config('published_key'),
-        'sessionid': co.sessionid,
-    })
+    # Redirect to the stripe payment URL
+    return HttpResponseRedirect(sessionurl)
 
 
 def invoicepayment_results(request, paymentmethod, invoiceid, secret):
diff --git a/template/stripepayment/payment.html b/template/stripepayment/payment.html
