implement content-security-policy, static assets cache bust, and fix

stripe back button ratchet issue because the only way to use stripe checkout is to run their proprietary JS, and we arent using a SPA, naturally what happens is, when you land on the stripe payment page if you hit the back button it goes back to the same page where you got re-directed to stripe. this commit fixes that.
2020-05-22 15:20:26 -05:00
parent 5a080fe1c5
commit 672ff49d6d
13 changed files with 202 additions and 65 deletions
--- a/capsulflask/templates/base.html
+++ b/capsulflask/templates/base.html
@ -1,6 +1,5 @@
 <html lang="en">
 <head>
-  <link href="data:image/gif;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAAGAPAABgDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJSWrAEFB/wAoKLY8KyvAuywsxvUsLMbzKivAsScntTEvL8cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCOnAC4u0QAnJ7c9LCzF1S4u0f8vL9P/Ly/T/y4u0P8rK8PFJye1JgAAAAAAAAAAAAAAAAAAAAAAAAAAISGnADEyzwAoKLc7LC3H1TAx1P8xMtb/MDHV/y8v1P8vL9P/Li7P/ioqvYsAAAAAAAAAAAAAAAAAAAAAICCjADU10gAqKrg5LzDJ0zQ11/83ONv/Nzjb/zU22f8yMtb/Ly/U/y8v0v8rK8LCAAAAAAAAAAAAAAAAImWuADIBxAApKrE3MDDJ0Tc42v88Pd//PT/g/z0+3/86O93/NTbZ/zAx1f8vL9H/KyvBugAAAAAAAAAAIpG+ACq06wAmrdo1Kn7U0DVB1P8+P+D/QkTk/0NF5P9BQ+P/PD7f/zc42/8xMtb/LS3M+Ckpu24AAAAAH465ACu26AAnqdgyKrXpzi2++P8xiub/QEve/0hK6P9ISuj/REbl/z4/4P83ONv/MDDQ/SoqwJ4mJq8RI6HGAC285QApsdkwLb3qyy/I+f8vyPz/LsP6/zWN6P9HUuT/Skvq/0RF5f89PuD/NTXV/iwswaUmJbEVJye1AC7A4gAruNkuL8XqyTPR+v8z0v3/Ms/8/zDL/P8uxPr/No3p/0NM4P9BQuP/OTrY/i8wxagoKLIXKiq4AAAAAAAtu9ciMcrqwTXY+v822/3/Ndn9/zTW/f8y0fz/MMv8/y7C+v8yh+b/OEHU/jMzx6sqK7QYLS68AAAATQAAAAAAMMfjhzbZ+P034P7/N9/+/zfd/v822/3/NNb9/zLP/P8vyPz/LLr0/yp3z60rH6waLTG3ABQSfAAAAAAAAAAAADPP6cE44f3/OOT+/zjj/v834f7/N93+/zXZ/f8z0v3/L8b3/ymy5q8kq9cbJ6TZABD/3QAAAAAAAAAAAAAAAAA00em7OeT9/zrm//855f7/OOP+/zff/v822/3/MtD4/yy757ImptQdKa/dAByMugAAAAAAAAAAAAAAAAAAAAAAM83iczji9/k66v//Ouf//znk/v834P7/Ndf5/y/D57UordUeK7XdACGauwAAAAAAAAAAAAAAAAAAAAAAAAAAAC7B1hQ01OiiOOL4+znl/f844vz/Ndn3/DHJ6LIrttYgLr7eACSZvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzyd4AL8HWFTPO4nc00um/M8/pwTDG4n8tu9YbMMXgACanxQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/4EAAP8AAAD+AAAA/AAAAPgAAADwAAAA4AAAAMABAACAAwAAAAcAAAAPAAAAHwAAAD8AAAB/AAAA/wAAgf8AAA==" rel="icon">
  <title>{% block title %}{% endblock %}{% if self.title() %} - {% endif %}Capsul</title>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width,initial-scale=1.0">
--- a/capsulflask/templates/create-capsul.html
+++ b/capsulflask/templates/create-capsul.html
@ -67,16 +67,7 @@
        <input id="submit-button" type="submit" value="Create">
        <span  id="submit-button-clicked" class="display-none">..Creating...</span>
      </div>
-      <script>
-        window.addEventListener('DOMContentLoaded', function(event) {
-            var submitButton = document.getElementById('submit-button');
-            var submitButtonClicked = document.getElementById('submit-button-clicked');
-            document.getElementById('submit-button').onclick = function() {
-              submitButton.className = "display-none";
-              submitButtonClicked.className = "waiting-pulse";
-            }
-        });
-      </script>
+      <script src="{{ url_for('static', filename='create-capsul.js') }}"></script>
    </form>
  {% endif %}

--- a/capsulflask/templates/stripe.html
+++ b/capsulflask/templates/stripe.html
@ -10,33 +10,30 @@


 {% block content %}
-<div class="row third-margin">
-  <h1>PAY WITH STRIPE</h1>
-</div>
-<div class="row half-margin">
-  <form method="post">
-    <div class="row justify-start">
-      <label for="dollars">$</label>
-      <input type="number" id="dollars" name="dollars"></input> 
-    </div>
-    <div class="row justify-end">
-      <input type="submit" value="Pay With Stripe">
-    </div>
-  </form>
-</div>
+

 {% if stripe_checkout_session_id %}
-  <script>
-    Stripe("{{ stripe_public_key }}")
-    .redirectToCheckout({
-      sessionId: "{{ stripe_checkout_session_id }}",
-    })
-    .then(function(result) {
-      if (result.error) {
-        alert("Stripe.redirectToCheckout() failed with: " + result.error.message)
-      }
-    });
-  </script>
+  <div class="row third-margin">
+    <h1>REDIRECTING...</h1>
+  </div>
+  <input id="stripe_public_key" type="hidden" value="{{ stripe_public_key }}"/>
+  <input id="stripe_checkout_session_id" type="hidden" value="{{ stripe_checkout_session_id }}"/>
+  <script src="{{ url_for('static', filename='pay-with-stripe.js') }}"></script>
+{% else %}
+  <div class="row third-margin">
+    <h1>PAY WITH STRIPE</h1>
+  </div>
+  <div class="row half-margin">
+    <form method="post">
+      <div class="row justify-start">
+        <label for="dollars">$</label>
+        <input type="number" id="dollars" name="dollars"></input> 
+      </div>
+      <div class="row justify-end">
+        <input type="submit" value="Pay With Stripe">
+      </div>
+    </form>
+  </div>
 {% endif %}

 {% endblock %}