From de5cd64679e3ae7fdceca161a52fd8f9ccf325d9 Mon Sep 17 00:00:00 2001
From: Razmig Sarkissian <razmig@padelclub.app>
Date: Mon, 29 Sep 2025 16:00:21 +0200
Subject: [PATCH] Add HTTPS requirement for production Stripe account links

---
 api/views.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/api/views.py b/api/views.py
index 1e7b9c8..e21a8d8 100644
--- a/api/views.py
+++ b/api/views.py
@@ -520,7 +520,12 @@ def create_stripe_account_link(request):
         }, status=400)
 
     try:
-        base_path = f"{request.scheme}://{request.get_host()}"
+        # Force HTTPS for production Stripe calls
+        if hasattr(settings, 'STRIPE_MODE') and settings.STRIPE_MODE == 'live':
+            base_path = f"https://{request.get_host()}"
+        else:
+            base_path = f"{request.scheme}://{request.get_host()}"
+
         print("create_stripe_account_link", base_path)
         refresh_url = f"{base_path}/stripe-refresh-account-link/"
         return_url = f"{base_path}/stripe-onboarding-complete/"