Stripe: Prevent lost session with firefox tracking protection

2026-05-04 15:04:03 +00:00 · 2022-10-11 18:04:30 +02:00
parent 7e79fc8b5e
commit 9ed39ab0fa
2 changed files with 23 additions and 11 deletions
--- a/src/pretix/plugins/stripe/payment.py
+++ b/src/pretix/plugins/stripe/payment.py
@@ -649,10 +649,14 @@ class StripeMethod(BasePaymentProvider):

    def redirect(self, request, url):
        if request.session.get('iframe_session', False):
-            signer = signing.Signer(salt='safe-redirect')
            return (
-                build_absolute_uri(request.event, 'plugins:stripe:redirect') + '?url=' +
-                urllib.parse.quote(signer.sign(url))
+                build_absolute_uri(request.event, 'plugins:stripe:redirect') +
+                '?data=' + signing.dumps({
+                    'url': url,
+                    'session': {
+                        'payment_stripe_order_secret': request.session['payment_stripe_order_secret'],
+                    },
+                }, salt='safe-redirect')
            )
        else:
            return str(url)