Ghost: Stripe javascript file is loaded even if no stripe connection is setup
Issue Summary
When enabling members but not paid members (without stripe connection), the stripe javascript is still loaded on the blog.
The load time hit is quite substantial, it would be great if would only be added if the stripe API key is set.
To Reproduce
- Enable members, but no stripe payment
- Load the frontend
- Stripe javascript file is loaded
Technical details:
- Ghost Version: 3.1.1
- Node Version: All
- Browser/OS: All
- Database: All
In the ghost_head.js file in the helpers folder, there is just no difference at the moment:
function getMembersHelper() {
return `
<script src="https://js.stripe.com/v3/"></script>
<script defer src="${getAssetUrl('public/members.js')}"></script>
`;
}
christian-kolb
>All comments
I've published a pull request with a simple fix for this issue (see above). It should be noted that this issue is potentially even more problematic for people running their own sites in GDPR countries.
Stripe.js sets cookies that probably require extra attention in a site's privacy policy. If the people running their site's don't add Stripe in their privacy policy because they don't expect Ghost to load Stripe because they just haven't configured it (a reasonable assumption imho), that could potentially cause problems.
svenewers
on 3 Jan 2020
Related issues
ss4344
路
4Comments
kirrg001
路
3Comments
hjzheng
路
4Comments
rishabhgrg
路
3Comments
PaszaVonPomiot
路
3Comments
Most helpful comment
I've published a pull request with a simple fix for this issue (see above). It should be noted that this issue is potentially even more problematic for people running their own sites in GDPR countries.
Stripe.js sets cookies that probably require extra attention in a site's privacy policy. If the people running their site's don't add Stripe in their privacy policy because they don't expect Ghost to load Stripe because they just haven't configured it (a reasonable assumption imho), that could potentially cause problems.