Ghost: Require a production environment to use a live Stripe account

Created on 3 Dec 2020  路  1Comment  路  Source: TryGhost/Ghost

Issue Summary

Ghost currently allows you to connect to a live Stripe account regardless of the environment it's running in. We've seen instances where an export is taken from a live production site and imported into a development site, and this ends up wiping the webhooks from Stripe + breaking Members.

To Reproduce

  1. Download an export from a production Ghost site w/ a live Stripe account connected
  2. Import this into a local development site
  3. Run Ghost
  4. Ensure Ghost doesn't connect to this account/errors out

Ghost running in development should ideally only allow the use of a test Stripe account, so Members is still functional for local testing.

Technical details:

  • Ghost Version: 3.39.0
  • Node Version: 12.18.0
  • Database: MySQL
customer members priority
Source
picture daniellockyer

Most helpful comment

I think we should only permit creating webhooks under these circumstances too, and relying on the Stripe CLI for webhooks in development!

picture allouis on 3 Dec 2020
👍3

>All comments

I think we should only permit creating webhooks under these circumstances too, and relying on the Stripe CLI for webhooks in development!

allouis picture allouis on 3 Dec 2020
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

shadowbottle picture shadowbottle  路  3Comments
RadoslavGatev picture RadoslavGatev  路  3Comments
albizures picture albizures  路  3Comments
ArthurianX picture ArthurianX  路  4Comments
marcuspoehls picture marcuspoehls  路  4Comments