Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't allow setting of amounts client side #16

Open
thorsten-stripe opened this issue Jan 29, 2021 · 0 comments
Open

Don't allow setting of amounts client side #16

thorsten-stripe opened this issue Jan 29, 2021 · 0 comments
Labels
enhancement New feature or request

Comments

@thorsten-stripe
Copy link
Contributor

It's generally not recommended to set the amount client side without validating the input on the server.

I think it might make sense to limit creation of Checkout sessions to usage with pre-created price IDs and disallow creation of PaymentIntents for now.

  • Checkout sessions: only allow line_items[].price and disallow setting of line_items[].price_data
  • PaymentIntents: don't yet support line_items therefore we should disallow creation of PaymentIntents client-side or we should add some functionality where you can feed a product.json file to NextStripe(req, res, options) via the options and then rather than passing in an amount client-side, you pass in your product id and the library then finds your product form the json and gets the amount from there.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants