vinodliyanage
commented
1 year ago I think the test extensions provided by the extension-pay does not support my country. when I use a VPN it worked.
Closed vinodliyanage closed 1 year ago
vinodliyanage
commented
1 year ago I think the test extensions provided by the extension-pay does not support my country. when I use a VPN it worked.
Summary:
Payment processing failed in a MV3 Chrome extension that uses extension-pay, resulting in an error message
Access to fetch at 'https://r.stripe.com/0' from origin 'https://js.stripe.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.Description:
When attempting to process a payment using extension-pay in a MV3 Chrome extension, the payment did not proceed, and an error message was displayed in the dev console:
Access to fetch at 'https://r.stripe.com/0' from origin 'https://js.stripe.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.Steps to Reproduce:
Install the test extension provided by extension-pay in a Chrome browser. (MV3 or MV2 test extension) Navigate to the payment page via extpay's
extpay.openPaymentPage()function. Attempt to process a payment by clicking the pay button. Observe the error message in the dev console:Access to fetch at 'https://r.stripe.com/0' from origin 'https://js.stripe.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.Expected Result:
The payment should be processed successfully, and no CORS policy error should occur.
Actual Result:
The payment did not proceed, and an error message was displayed in the dev console:
Access to fetch at 'https://r.stripe.com/0' from origin 'https://js.stripe.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.Screenshots:
Additional Information:
This issue has also been observed in a MV2 test extension, indicating that it may be a problem with extension-pay itself. Setting the request's mode to 'no-cors' as suggested in the error message is not a viable solution, as it would disable the CORS policy and potentially create security vulnerabilities.