Why do we need to use a client side JavaScript to initiate a redirect for a "Checkout" (https://stripe.com/docs/payments/checkout/accept-a-payment#redirect-checkout …) if the session-id is already know in the previous step on the server-side? What's the sense of this? @stripe
-
-
Replying to @JanSlabon
The reason this happens from client-side is this is a security-related step. Your publishable key makes a call with the Checkout session, which must be validated—you can't redirect directly to a Stripe-hosted Checkout page.
1 reply 0 retweets 0 likes -
Replying to @stripe
And this publishable key is only accessible via JS? It's a strange roundtrip which feels so obsolete. If it is public it shouldn't matter what SDK (client or server side) does and validates this call?
1 reply 0 retweets 0 likes
The client-side redirect is used to attach browser information for Radar—you can read more about that here: https://stripe.com/docs/disputes/prevention/advanced-fraud-detection …. There is currently no way to do that server-side, but we’re looking into it.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.