Stripe: Relax same-session requirement for iDEAL payments

This security mechanism caused problems with banking apps that open the
return view in a separate browser session inside the banking app.
Raphael Michel
2019-10-30 17:21:42 +01:00
parent 2a9c105e51
commit 3a0aaa3f92


@@ -454,7 +454,7 @@ class StripeOrderView:
return self.request.event.get_payment_providers()[self.payment.provider]
def _redirect_to_order(self):
if self.request.session.get('payment_stripe_order_secret') != self.order.secret:
if self.request.session.get('payment_stripe_order_secret') != self.order.secret and self.payment.provider != 'stripe_ideal':
messages.error(self.request, _('Sorry, there was an error in the payment process. Please check the link '
'in your emails to continue.'))
return redirect(eventreverse(self.request.event, 'presale:event.index'))
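Review bot: With `and self.payment.provider != 'stripe_ideal'` added to the condition in `_redirect_to_order`, an iDEAL return request is no longer tied to the browser session that started the payment, so for this provider the check rests entirely on whatever the return URL itself carries. The code that resolves `self.order` and `self.payment` is outside this hunk, so it is worth confirming that it validates an unguessable per-order value from the URL before this method runs, and that the redirect reached once the check is skipped (also outside the hunk) does not hand the order secret to a requester who did not already hold it. The exemption should also be documented at the condition, e.g. `# iDEAL banking apps may open the return view in a separate browser session, so the session binding cannot be enforced for this provider`. If other redirect-based methods need the same exemption later, a named tuple of exempt providers would keep the list auditable instead of growing the inline condition.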