implement content-security-policy, static assets cache bust, and fix

stripe back button ratchet issue

because the only way to use stripe checkout is to run their proprietary
JS, and we arent using a SPA, naturally what happens is, when you land
on the stripe payment page if you hit the back button it goes back to
the same page where you got re-directed to stripe. this commit fixes
that.

capsulflask/templates/stripe.html

@@ -10,33 +10,30 @@
 
 
 {% block content %}
-<div class="row third-margin">
-  <h1>PAY WITH STRIPE</h1>
-</div>
-<div class="row half-margin">
-  <form method="post">
-    <div class="row justify-start">
-      <label for="dollars">$</label>
-      <input type="number" id="dollars" name="dollars"></input> 
-    </div>
-    <div class="row justify-end">
-      <input type="submit" value="Pay With Stripe">
-    </div>
-  </form>
-</div>
+
 
 {% if stripe_checkout_session_id %}
-  <script>
-    Stripe("{{ stripe_public_key }}")
-    .redirectToCheckout({
-      sessionId: "{{ stripe_checkout_session_id }}",
-    })
-    .then(function(result) {
-      if (result.error) {
-        alert("Stripe.redirectToCheckout() failed with: " + result.error.message)
-      }
-    });
-  </script>
+  <div class="row third-margin">
+    <h1>REDIRECTING...</h1>
+  </div>
+  <input id="stripe_public_key" type="hidden" value="{{ stripe_public_key }}"/>
+  <input id="stripe_checkout_session_id" type="hidden" value="{{ stripe_checkout_session_id }}"/>
+  <script src="{{ url_for('static', filename='pay-with-stripe.js') }}"></script>
+{% else %}
+  <div class="row third-margin">
+    <h1>PAY WITH STRIPE</h1>
+  </div>
+  <div class="row half-margin">
+    <form method="post">
+      <div class="row justify-start">
+        <label for="dollars">$</label>
+        <input type="number" id="dollars" name="dollars"></input> 
+      </div>
+      <div class="row justify-end">
+        <input type="submit" value="Pay With Stripe">
+      </div>
+    </form>
+  </div>
 {% endif %}
 
 {% endblock %}