#rtm_stripejs-electron

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1230982487962947705

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hello

Hi!

You see that warning when you are in livemode (using your live publishable key to initialize Stripe.JS)?

Really that error should only show in test mode and Stripe.JS should fail to initialize if you are serving it over HTTP and not HTTPS in live mode

I'm still in development mode. Using test keys. Are you saying if I use the live keys stripe.js will not load?

Yes if it is not served over HTTPS

But it is totally fine if you are developing locally right now and just in test mode

Then you can ignore that warning as it is just letting you know that you can't serve locally (over HTTP) with your live key

This is a desktop app. The local files are always going to be served via localhost, even in production. Not sure if you are familiar with ElectronJS or Tauri but that's how it works.

I'm just using Stripe.js on the app to load Stripe elements but all the logic and Stripe usage with private keys happens in the backend server. The app communicates with the server in HTTPS.

Hmm no I'm not familiar with those frameworks but Stripe.JS does require HTTPS for securely transmitting card data

It does use HTTPS to load stripe.js and all the communication from the desktop app to the backend server also uses HTTPS

It's just that the load of stripe.js will have origin http://127.0.0.1:1420

rtm_stripejs-electron

your domain has to be over https. if it's not it won't work in production

https://www.reddit.com/r/electronjs/comments/ax1huq/psa_you_can_use_stripe_in_electron_apps/

Similar thread on reddit, just wanted to confirm what was said in there was true.

yeah file:// is different, you said you used http://

it's also 5 years old and unlikely to be current

I mean the easiest solution is to try your Live API key and see what happens!

How does that apply when using <script src="https://js.stripe.com/v3" async></script>? I guess I could host stripe.js locally and use file://

I'm trying now with the live keys

this is irrelevant with the way you load Stripe.js. They are completely separate thing. IT's about how your website or webapp is rendered/loaded, like the topmost origin of the page

I used the live publishable key on the app part and it loads fine. I still get the warning though. It's actually using a custom protocol as the origin when built in release mode. It uses tauri://localhost

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html#url=tauri%3A%2F%2Flocalhost&title=Relative Motion App&referrer=&muid=NA&sid=NA&version=6&preview=false

as long as everything renders with a live key you should be fine

Ok, good to know. I will test some more tomorrow. Maybe make a real payment and see if it goes through.

Thanks a lot for the assistance