Glench/ExtPay

Access to fetch at 'https://r.stripe.com/0' from origin 'https://js.stripe.com' has been blocked by CORS policy

vinodliyanage opened this issue · 1 comments

Summary:

Payment processing failed in a MV3 Chrome extension that uses extension-pay, resulting in an error message Access to fetch at 'https://r.stripe.com/0' from origin 'https://js.stripe.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Description:

When attempting to process a payment using extension-pay in a MV3 Chrome extension, the payment did not proceed, and an error message was displayed in the dev console: Access to fetch at 'https://r.stripe.com/0' from origin 'https://js.stripe.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Steps to Reproduce:

Install the test extension provided by extension-pay in a Chrome browser. (MV3 or MV2 test extension)
Navigate to the payment page via extpay's extpay.openPaymentPage() function.
Attempt to process a payment by clicking the pay button.
Observe the error message in the dev console: Access to fetch at 'https://r.stripe.com/0' from origin 'https://js.stripe.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Expected Result:

The payment should be processed successfully, and no CORS policy error should occur.

Actual Result:

The payment did not proceed, and an error message was displayed in the dev console: Access to fetch at 'https://r.stripe.com/0' from origin 'https://js.stripe.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Screenshots:

extension-pay-bug-1

Additional Information:

This issue has also been observed in a MV2 test extension, indicating that it may be a problem with extension-pay itself. Setting the request's mode to 'no-cors' as suggested in the error message is not a viable solution, as it would disable the CORS policy and potentially create security vulnerabilities.

I think the test extensions provided by the extension-pay does not support my country. when I use a VPN it worked.