Last Updated: 2021-05-16
We wanted to use a Stripe offsite redirect flow in Project S but were not sure if it would work. I spiked something in the Stripe test environment and sure enough it worked so we figured we were good to go.
A month later, after we had submitted this software to the app store (but luckily, before release), I tested out the live stripe API, and lo and behold, the payment redirect page would not even load, due to it requiring us to host the page on a given host (and the generated HTML I was using not having a host to speak of). This behavior was different to the sandbox behavior, which did not have this requirement.
Thus I had to rewrite to host it on the backend server somewhere.
Knowing that this feature was risky, I should have manually tested against the production API during my spike to be aware of these differences sooner.