I integrated Stripe Checkout to make payments for products and services on my site.
Everything works.
There is only one problem.
I want to validate whether the purchase was made or not and the only way to do it is through the following PHP code:
page-checkout.php
<?php
require_once('stripe/vendor/autoload.php');
// Set your secret key: remember to change this to your live secret key in production
// See your keys here:
\Stripe\Stripe::setApiKey('sk_test_...');
/*-----------------------
Check if user is logged in
-----------------------*/
if ( is_user_logged_in() ) {
    /*-----------------------
    Retrieve data
    -----------------------*/
    $current_user = wp_get_current_user();
    $user_email = $current_user->user_email;
    /*-----------------------
    Create product with plan
    -----------------------*/
    if ( isset( $_GET['prodotto'] ) && $_GET['prodotto'] == 'mese') {
        $prodotto = \Stripe\Product::retrieve('prod_...');
        $piano = \Stripe\Plan::retrieve('plan_...');
        $session = \Stripe\Checkout\Session::create([
            'payment_method_types' => ['card'],
            'subscription_data' => [
                'items' => [[
                    'plan' => $piano->id,
                ]],
            ],
            'success_url' => '.../dashboard',
            'cancel_url' => '.../processo-checkout/?prodotto=' . $_GET['prodotto'] . '&login=loggato',
        ]);
    }
    $endpoint_secret = 'whsec_...';
    $payload = @file_get_contents('php://input');
    $sig_header = $_SERVER['HTTP_STRIPE_SIGNATURE'];
    $event = null;
    try {
        $event = \Stripe\Webhook::constructEvent(
            $payload, $sig_header, $endpoint_secret
        );
    } catch(\UnexpectedValueException $e) {
        // Invalid payload
        http_response_code(400);
        exit();
    } catch(\Stripe\Error\SignatureVerification $e) {
        // Invalid signature
        http_response_code(400);
        exit();
    }
    // Handle the checkout.session.completed event
    if ($event->type == 'checkout.session.completed') {
        $session = $event->data->object;
        // Fulfill the purchase...
        handle_checkout_session($session);
    }
    http_response_code(200);
/*-----------------------
Conclude check to see if the user is logged in
-----------------------*/
} else {
    wp_redirect( home_url() . '/processo-checkout/?prodotto=' . $_GET['prodotto'] );
    exit();
}
?>
<!DOCTYPE html>
<html <?php language_attributes(); ?>>
<head>
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<?php wp_head(); ?>
</head>
<body id="body" <?php body_class(); ?>>
<main id="contenuto-principale" itemscope="" itemtype="" role="main">
<script type="text/javascript">
var stripe = Stripe('pk_test_...');
var CHECKOUT_SESSION_ID = "<?php echo $session->id; ?>";
stripe.redirectToCheckout({
// Make the id field from the Checkout Session creation API response
// available to this file, so you can provide it as parameter here
// instead of the {{CHECKOUT_SESSION_ID}} placeholder.
sessionId: CHECKOUT_SESSION_ID
}).then(function (result) {
// If `redirectToCheckout` fails due to a browser or network
// error, display the localized error message to your customer
// using `result.error.message`.
});
</script>
<?php get_footer(); ?>
The problem is that I receive the following message when I go to make the purchase:
Fatal error: Uncaught Stripe Exception SignatureVerificationException: Unable to extract timestamp and signatures from header
How can I solve this problem? I'm looking everywhere on Google but I haven't had any luck.
I also tried to print the $sig_header value and it returns empty.
Thanks to those who will help me!
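
How a `Stripe-Signature` header of the form `t=<timestamp>,v1=<signature>` is checked, as an added example that is not part of the original post or of stripe-php: `verify_stripe_signature()` is a hypothetical helper, and the secret, payload and timestamp are constructed. Stripe sends this header only on the POST requests it makes to a webhook endpoint, so a request from the customer's browser takes the missing-header branch.

```php
<?php
// Hypothetical helper (not part of stripe-php): checks a Stripe-Signature
// header of the form "t=<unix time>,v1=<hex HMAC-SHA256>".
function verify_stripe_signature(string $payload, ?string $header, string $secret,
                                 int $tolerance = 300, ?int $now = null): bool
{
    if ($header === null || $header === '') {
        return false; // request did not come from Stripe's webhook sender
    }
    $timestamp = null;
    $signatures = [];
    foreach (explode(',', $header) as $part) {
        $kv = explode('=', trim($part), 2);
        if (count($kv) !== 2) {
            continue;
        }
        if ($kv[0] === 't' && ctype_digit($kv[1])) {
            $timestamp = (int) $kv[1];
        } elseif ($kv[0] === 'v1') {
            $signatures[] = $kv[1];
        }
    }
    if ($timestamp === null || $signatures === []) {
        return false; // no timestamp or no v1 signature could be extracted
    }
    $now = $now ?? time();
    if (abs($now - $timestamp) > $tolerance) {
        return false; // outside the tolerance window: stale or replayed event
    }
    // Signed message is "<timestamp>.<raw body>", keyed with the endpoint secret.
    $expected = hash_hmac('sha256', $timestamp . '.' . $payload, $secret);
    foreach ($signatures as $candidate) {
        if (hash_equals($expected, $candidate)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

// Constructed sample values, not real Stripe data.
$secret  = 'whsec_constructed_example';
$payload = '{"type":"checkout.session.completed"}';
$t       = 1700000000;
$header  = 't=' . $t . ',v1=' . hash_hmac('sha256', $t . '.' . $payload, $secret);

var_dump(verify_stripe_signature($payload, $header, $secret, 300, $t + 10));       // signed webhook body
var_dump(verify_stripe_signature($payload, null, $secret, 300, $t + 10));          // header absent
var_dump(verify_stripe_signature($payload . ' ', $header, $secret, 300, $t + 10)); // body altered after signing
```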