Fix paypal same-site origin opener policy

src/ptcoffee/config.py

@@ -20,6 +20,7 @@ CACHE_CONFIG = {
 
 PAYPAL_CLIENT_ID = os.environ.get('PAYPAL_CLIENT_ID', '')
 PAYPAL_SECRET_ID = os.environ.get('PAYPAL_SECRET_ID', '')
+PAYPAL_ENVIRONMENT = os.environ.get('PAYPAL_ENVIRONMENT', 'SANDBOX')
 USPS_USER_ID = os.environ.get('USPS_USER_ID', '639NATHA3105')
 DEFAULT_ZIP_ORIGINATION = os.environ.get('DEFAULT_ZIP_ORIGINATION', '98368')
 
@@ -37,3 +38,4 @@ SECURE_HSTS_SECONDS = os.environ.get('SECURE_HSTS_SECONDS', 3600)
 SECURE_SSL_REDIRECT = os.environ.get('SECURE_SSL_REDIRECT', 'False') == 'True'
 SESSION_COOKIE_SECURE = os.environ.get('SESSION_COOKIE_SECURE', 'False') == 'True'
 CSRF_COOKIE_SECURE = os.environ.get('CSRF_COOKIE_SECURE', 'False') == 'True'
+SECURE_CROSS_ORIGIN_OPENER_POLICY = 'same-origin-allow-popups'

src/static/scripts/payment.js

@@ -5,6 +5,12 @@ let form = document.querySelector('.order-create-form')
 // Render the PayPal button into #paypal-button-container
 paypal.Buttons({
 
+    style: {
+        color: "gold",
+        shape: "rect",
+        layout: "vertical"
+    },
+
     // Call your server to set up the transaction
     createOrder: function(data, actions) {
         const formData = new FormData(form)
@@ -24,22 +30,19 @@ paypal.Buttons({
         })
 
         return fetch(request, options)
-            .then(function(res) {
+            .then((response) => response.json())
-                return res.json();
+            .then((order) => order.id)
-            }).then(function(orderData) {
-                return orderData.id;
-            });
     },
 
     // Call your server to finalize the transaction
-    onApprove: function(data, actions) {
+    onApprove: (data, actions) => {
         const csrftoken = getCookie("csrftoken")
         return fetch('/paypal/order/' + data.orderID + '/capture/', {
             method: 'post',
             headers: {'X-CSRFToken': csrftoken}
-        }).then(function(res) {
+        })
-            return res.json();
+        .then((response) => response.json())
-        }).then(function(orderData) {
+        .then((orderData) => {
             var errorDetail = Array.isArray(orderData.details) && orderData.details[0];
 
             if (errorDetail && errorDetail.issue === 'INSTRUMENT_DECLINED') {

src/storefront/payments.py

@@ -23,10 +23,10 @@ class PayPalClient:
         """Setting up and Returns PayPal SDK environment with PayPal Access credentials.
            For demo purpose, we are using SandboxEnvironment. In production this will be
            LiveEnvironment."""
-        if settings.DEBUG:
+        if settings.PAYPAL_ENVIRONMENT == 'LIVE':
-            self.environment = SandboxEnvironment(client_id=self.client_id, client_secret=self.client_secret)
-        else:
             self.environment = LiveEnvironment(client_id=self.client_id, client_secret=self.client_secret)
+        else:
+            self.environment = SandboxEnvironment(client_id=self.client_id, client_secret=self.client_secret)
 
         """ Returns PayPal HTTP client instance with environment which has access
             credentials context. This can be used invoke PayPal API's provided the