[Bug]: CORS error when accessing /pricing-preview

PaddleHQ / paddle-js-wrapper

Wrapper to load Paddle.js as a module and use TypeScript definitions when working with methods.

Apache License 2.0

28 stars 4 forks source link

[Bug]: CORS error when accessing /pricing-preview #37

Closed xgedev closed 1 month ago

xgedev commented 1 month ago

What happened?

I recently received reports from certain users not being able to view the prices for my subscription types. A screenshot of their browser console shows a CORS error. I can't reliably reproduce this, however one specific user always gets this error, no matter what they are trying.

Steps to reproduce

Run Paddle.initializePaddle(...) (works fine)
Run paddle.pricePreview(...) -> shows CORS error

What did you expect to happen?

No CORS error to be thrown.

How are you integrating?

SvelteKit

Logs

Access to fetch at 'https://api.paddle.com/pricing-preview' from origin 'https://mywebsite.com/subscriptions' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

vijayasingam-paddle commented 1 month ago

Hi @xgedev, Thank you for raising this bug report.

We usually throw this error if the client-side token is missing in the request or if the request is made from an unsupported country.

Would you by any chance know the location of the user who is consistently running into this error.

Thank you.

xgedev commented 1 month ago

Hi, thank you for the fast response. The user is from Ukraine and the client token is definitely set correctly. Any idea what is wrong here?

xgedev commented 1 month ago

Just read that there are regions of Ukraine that are unsupported. Is there any way I can check if the user is in an unsupported country to display an error message? Should I advise them to use a VPN?

vijayasingam-paddle commented 1 month ago

Hello, You won't be able to distinguish this error from others and it is by design to help prevent users identifying the error and using tools to circumvent them. You can use standard try/catch blocks to gracefully handle the error.

Should I advise them to use a VPN

Sorry, No. They are blocked from transacting due to regulatory reasons. We stand strongly against using any tools to bypass this restriction.

Please let us know if we can help with anything else. Thank you.

xgedev commented 1 month ago

Alright! Am I allowed to display an error message that says something like

Pricing could not be loaded. Make sure that your country is supported. Contact support@mail.com for help.

Or should I not mention the unsupported countries? Thank you for your answers so far!

vijayasingam-paddle commented 1 month ago

Hello, As this is a generic error handler, it could be confusing for users from supported countries who might see this error on the rare occurrence when Paddle API fails.

maybe Pricing could not be loaded. Please try again later or Contact support@mail.com for help. might be more appropriate?

xgedev commented 1 month ago

Will implement it like this, thanks!