RoughRider | Stripe Developers | Page 1

strange meteorBOT Dec 5, 2022, 1:02 AM

#

grave root Dec 5, 2022, 1:03 AM

#

hello! you can see the full list of IP addresses that you would want to whitelist here : https://stripe.com/docs/ips#webhook-notifications

halcyon token Dec 5, 2022, 1:27 AM

#

const whitelist = [
"http://localhost:3001",
'https://invest-ed-dev.herokuapp.com',
'https://stripe.com',
"3.18.12.63",
"3.130.192.231",
"13.235.14.237",
"13.235.122.149",
"18.211.135.69",
"35.154.171.200",
"52.15.183.38",
"54.88.130.119",
"54.88.130.237",
"54.187.174.169",
"54.187.205.235",
"54.187.216.72"
];
const corsOptions = {
credentials: true,
allowedHeaders: ['Origin, X-Requested-With, Content-Type, Accept'],
origin: function (origin,x, callback) {
if (whitelist.indexOf(origin) !== -1) {
callback(null, true);
} else {
console.log(origin)
callback(new Error('Not allowed by CORS'));
}
}
};

app.use(cors(corsOptions));

#

I am using this

#

getting this error thrown by the callback - Error: Not allowed by CORS

#

And console.log(origin) comes as undefined

grave root Dec 5, 2022, 1:36 AM

#

I think in most cases, users usually whitelist those IP addresses on their host providers, and then also perform signature verification.

#

is there a reason why you're trying to use CORS instead?

#

for context, CORS is for requests your page makes in the browser i.e. Cross origin requests. For webhooks your server receives an incoming request, so there's no such thing as CORS for it

halcyon token Dec 5, 2022, 1:39 AM

#

because my server was already using cors

#RoughRider