Access to fetch at 'https://r.stripe.com/0' from origin 'https://js.stripe.com' has been blocked by CORS policy
vinodliyanage opened this issue · 1 comments
Summary:
Payment processing failed in a MV3 Chrome extension that uses extension-pay, resulting in an error message Access to fetch at 'https://r.stripe.com/0' from origin 'https://js.stripe.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Description:
When attempting to process a payment using extension-pay in a MV3 Chrome extension, the payment did not proceed, and an error message was displayed in the dev console: Access to fetch at 'https://r.stripe.com/0' from origin 'https://js.stripe.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Steps to Reproduce:
Install the test extension provided by extension-pay in a Chrome browser. (MV3 or MV2 test extension)
Navigate to the payment page via extpay's extpay.openPaymentPage()
function.
Attempt to process a payment by clicking the pay button.
Observe the error message in the dev console: Access to fetch at 'https://r.stripe.com/0' from origin 'https://js.stripe.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Expected Result:
The payment should be processed successfully, and no CORS policy error should occur.
Actual Result:
The payment did not proceed, and an error message was displayed in the dev console: Access to fetch at 'https://r.stripe.com/0' from origin 'https://js.stripe.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Screenshots:
Additional Information:
This issue has also been observed in a MV2 test extension, indicating that it may be a problem with extension-pay itself. Setting the request's mode to 'no-cors' as suggested in the error message is not a viable solution, as it would disable the CORS policy and potentially create security vulnerabilities.
I think the test extensions provided by the extension-pay does not support my country. when I use a VPN it worked.