Why doesn’t Stripe just allow the <form> to be posted to Stripe’s servers that do the processing and then send the client back a Location header of the originating website with some URL parameters added to securely send the token back? It would eliminate the need for all of this JavaScript/iframe malarkey.
For one thing, it’s much easier to render errors in Stripe’s current state. The page never changes, so they don’t need to worry about it at all. Furthermore, it’s basically zero config; no need to set up some sort of endpoint with Stripe.
Why doesn’t Stripe just allow the <form> to be posted to Stripe’s servers that do the processing and then send the client back a Location header of the originating website with some URL parameters added to securely send the token back? It would eliminate the need for all of this JavaScript/iframe malarkey.
For one thing, it’s much easier to render errors in Stripe’s current state. The page never changes, so they don’t need to worry about it at all. Furthermore, it’s basically zero config; no need to set up some sort of endpoint with Stripe.