greyhare
commented
3 years ago BTW, we're PCI-DSS level 4, SAQ A, and using Stripe Checkout so we never see sensitive card info. IIRC we're restricted to either Stripe Checkout or Stripe Elements.
Open greyhare opened 3 years ago
greyhare
commented
3 years ago BTW, we're PCI-DSS level 4, SAQ A, and using Stripe Checkout so we never see sensitive card info. IIRC we're restricted to either Stripe Checkout or Stripe Elements.
jrief
commented
3 years ago OK, would you like to upgrade to a newer version of Stripe? Do you know, if the underlying JS-library already supports Stripe 2+?
greyhare
commented
3 years ago That library hasn't been updated since May 15, 2017, and the requests for Stripe v3 support (required by Python Stripe 2+) have been met with "submit a PR, I don't have time."
I was wondering how much Django Shop depended on Node (my existing site has no need for it), and this (and angularjs-stripe seems to handle sensitive data like CVV numbers directly?) might be a show stopper. (It's hard to separate "Django Shop depends on this" from "just nice to have" in the cookiecutter template.)
jrief
commented
3 years ago Do you know of any library, in order to replace angularjs-stripe against a native JS implementation? I really would like to get rid of all JS frameworks. Betting on AngularJS at the time, nowadays turns out to be huge legacy.
Django-SHOP does not depend on node. In fact one of the benefits of AngularJS is that it runs without any preprocessing step, except bundling any uglifying - if that is desired.
greyhare
commented
3 years ago Django-SHOP does not depend on node.
NODE_MODULES_URLmust be set in project settings for:
shop/management/commands/shop.pyandshop/static/shop/css/_variables.scss(to find FontAwesome)
As for Stripe, I'm not sure I understand the question, but my existing site uses dj-stripe, which is server-side only. Mostly I use it to handle the webhook callbacks from Stripe's servers. Since Stripe Checkout just redirects the user to a Stripe site for payment, the template code just looks like this:
{% block live_js %}
{% if object.checkout_session %}
<script src="https://js.stripe.com/v3/"></script>
<script>
var stripe = Stripe('{{ stripe_public_key }}');
$("#checkout_button").click(function() {
stripe.redirectToCheckout({
sessionId: '{{ object.checkout_session }}'
}).then(function (result) {
alert(result.error.message);
});
});
</script>
{% endif %}
{% endblock live_js %}I have a model for an order, and the view function calls a method on it to generate the checkout session, and its ID gets put into object.checkout_session. I can show you code for creating and finalizing a checkout session, as well as the webhook.
I haven't looked at Stripe Elements in detail yet, but they're what you want if you want to integrate the payment step into your page. They're also set up to keep card info from traversing your site, maintaining PCI-DSS SAQ A.
greyhare
commented
3 years ago IMHO maybe Stripe 2.x/API v3 support should be a new module.
Why is this module locked to Stripe 1.53.0, which was released way back in April 6, 2017?
I'm working on migrating a Django site that uses djstripe (and thus stripe 2.x) to django-shop, and I'm wondering if this will be a problem. I want to be able to migrate existing database records to the new site.