implement content-security-policy, static assets cache bust, and fix

stripe back button ratchet issue because the only way to use stripe checkout is to run their proprietary JS, and we arent using a SPA, naturally what happens is, when you land on the stripe payment page if you hit the back button it goes back to the same page where you got re-directed to stripe. this commit fixes that.
2020-05-22 15:20:26 -05:00
parent 5a080fe1c5
commit 672ff49d6d
13 changed files with 202 additions and 65 deletions
--- a/capsulflask/static/pay-with-stripe.js
+++ b/capsulflask/static/pay-with-stripe.js
@ -0,0 +1,39 @@
+
+window.addEventListener('DOMContentLoaded', function(event) {
+
+  var httpRequest = new XMLHttpRequest();
+  httpRequest.onloadend = () => {
+    if (httpRequest.status < 300) {
+      try {
+        responseObject = JSON.parse(httpRequest.responseText);
+
+        if(!responseObject.hasRedirectedAlready) {
+          Stripe(document.getElementById("stripe_public_key").value)
+          .redirectToCheckout({
+            sessionId: document.getElementById("stripe_checkout_session_id").value,
+          })
+          .then(function(result) {
+            if (result.error) {
+              alert("Stripe.redirectToCheckout() failed with: " + result.error.message)
+            }
+          });
+        } else {
+          location.href = '/payment/stripe';
+        }
+
+      } catch (err) {
+        alert("could not redirect to stripe because capsul did not return valid json");
+      }
+    } else {
+      alert("could not redirect to stripe because capsul returned HTTP" + httpRequest.status + ", expected HTTP 200");
+    }
+  };
+
+  httpRequest.ontimeout = () => {
+    alert("could not redirect to stripe because capsul timed out");
+  };
+
+  httpRequest.open("GET", "/payment/stripe/"+document.getElementById("stripe_checkout_session_id").value+"/json?q="+String(Math.random()).substring(2, 8));
+  httpRequest.timeout = 10000;
+  httpRequest.send();
+});