fix: Prevent Paypal 403ing a Tor IP from breaking Stripe checkout
Sometimes, when a user using the Tor Browser connects to the donate page, Paypal will notice the IP requesting its SDK and, realizing it's associated with Tor, refuse to send us the SDK, 403ing us instead. This is.... incredibly rude. Worse still, if on-page Javascript is run which expects the Paypal SDK to be present as normal, the ensuing errors will scuttle Javascript from being able to run further on the page - which includes the Javascript which embeds the Stripe payment form onto the page.
This is an unacceptable state of affairs, so we solve this simply: In the two main Paypal methods which are bound upon pageload (to wit: setupPaypalOneTimeButtons()
and setupPaypalSubscriptionButtons()
), we had previously begun immediately leveraging the Paypal SDK. This commit changes this behavior to first check and see whether the Paypal SDK has loaded - and if not, it quietly exits Paypal button setup.
This change allows Stripe payments to continue to go through even if Paypal refuses to serve its own SDK. One knock-on effect of this change is that, in this situation, the Paypal buttons will not embed at the bottom of the form. While there is a notice to Tor Browser users warning them that Paypal donations cannot be made with the Tor Browser, there is the potential for this scenario to lead to user confusion if they skip that notice but continue to fill out the form doggedly as is. Future development may want to account for this scenario by disabling the Paypal toggle in the event that the SDK fails to load.
This commit also removes a needless, commented-out line referencing a former implementation of the Paypal SDK.