19 Jan
How should a web application verify a redirect comes from a trustworthy source?
This document has a sequence diagram (annotated and shown below) explaining how Stripe handles a Checkout Session.
My question: When a customer is returned to the successUrl = www.example.com/some/specific/path, how can www.example.com (either client or server) verify it is truly coming from stripe.com instead of a malicious user?
Please see the sequence diagram below for more details.