Replace Stripe Checkout with Stripe Elements for in-page payment

- PaymentIntent instead of Checkout Session on connected account - Stripe Elements Payment Element with neo-brutalist theme - stripe-payment.js module with waitForStripe() for deferred loading - No inline scripts (CSP compliant), data attributes on container - Add order_number (YYYY-MM-DD-increment) to BilletBuyer - Payment page redesign: full-width vertical layout with event info, buyer info, billet listing with images/descriptions, payment form - CSP: add js.stripe.com to script-src, api.stripe.com to connect-src - Add stripe_pk parameter in services.yaml - Add head block to base.html.twig for page-specific scripts Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 16:13:06 +01:00
parent 3744fb84f1
commit d0391e5fda
11 changed files with 257 additions and 66 deletions
--- a/config/packages/nelmio_security.yaml
+++ b/config/packages/nelmio_security.yaml
@@ -34,6 +34,7 @@ nelmio_security:
                - 'https://static.cloudflareinsights.com'
                - 'https://challenges.cloudflare.com'
                - 'https://cdn.jsdelivr.net'
+                - 'https://js.stripe.com'
                - 'unsafe-inline'
            style-src:
                - 'self'
@@ -58,6 +59,7 @@ nelmio_security:
                - 'https://challenges.cloudflare.com'
                - 'https://nominatim.openstreetmap.org'
                - 'https://cdn.jsdelivr.net'
+                - 'https://api.stripe.com'
            font-src:
                - 'self'
                - 'https://cdnjs.cloudflare.com'
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -7,6 +7,7 @@
 # Put parameters here that don't need to change on each machine where the app is deployed
 # https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
 parameters:
+    stripe_pk: '%env(STRIPE_PK)%'

 services:
    # default configuration for services in *this* file