Cavalaa | Stripe Developers | Page 1

cosmic breachBOT May 12, 2023, 12:56 PM

#

pale osprey May 12, 2023, 12:57 PM

#

Hi 👋 I've created a thread, can you put your other context here?

hybrid rampart May 12, 2023, 12:57 PM

#

sorry! here

#

There's no GET request to that endpoint anywhere in my codebase

pale osprey May 12, 2023, 1:00 PM

#

Hm, can you share the code that is creating that request?

#

Also, that does appear to be logs for a POST request, can you confirm that request received the error you referenced?

hybrid rampart May 12, 2023, 1:03 PM

#

#

heres the request headers

#

const visitAccountLink = async (e) => {
var myHeaders = new Headers()
myHeaders.append('Content-Type', 'application/x-www-form-urlencoded')
myHeaders.append('Authorization', 'Bearer ' + stripeToken)

var urlencoded = new URLSearchParams()
urlencoded.append(
  'refresh_url',
  process.env.NEXT_PUBLIC_AUTH_URL + 'cash-out'
)
urlencoded.append(
  'return_url',
  process.env.NEXT_PUBLIC_AUTH_URL + 'cash-out'
)
urlencoded.append('account', accountID)
urlencoded.append('type', 'account_onboarding')

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: urlencoded,
  redirect: 'follow',
}

fetch('https://api.stripe.com/v1/account_links', requestOptions)
  .then((response) => response.text())
  .then((result) => {
    let jsonRes = JSON.parse(result)
    window.location.href = jsonRes.url
  })
  .catch((error) => console.log('error', error))

}

#

here's the only function that makes the request

pale osprey May 12, 2023, 1:07 PM

#

Is this client-side code, or server-side code?

hybrid rampart May 12, 2023, 1:07 PM

#

this is the frontend code, the backend code makes no API calls

pale osprey May 12, 2023, 1:08 PM

#

How are you doing that, is your secret key in your frontend code?

hybrid rampart May 12, 2023, 1:10 PM

#

yeah and it all matches up (y)

#

its deployed using vercel

pale osprey May 12, 2023, 1:11 PM

#

You shouldn't be sending your secret key to your frontend.

#

That exposes it, and anyone with that key can make requests for your account.

hybrid rampart May 12, 2023, 1:16 PM

#

yeah that's a great point, how should you hide it?

pale osprey May 12, 2023, 1:19 PM

#

By keeping it on your server, and using it from your server side code.

hybrid rampart May 12, 2023, 1:21 PM

#

ok, that's something to get sorted, but in the meantime how do I sort this error message I'm getting

pale osprey May 12, 2023, 1:25 PM

#

Personally I would suggest prioritizing refactoring your code so these requests are made from a server, I wouldn't anticipate this error continuing to be faced when creating Account Links from your server.

I'm not sure what is causing that error offhand, and it doesn't look like it created a request ID so I would have a hard time locating that on our end. I saw in your screenshot that some of the requests succeed, are you able to spot any difference between them? Are they being triggered by the same code?

hybrid rampart May 12, 2023, 1:29 PM

#

Idempotency-Key:
3f7f190e-8ea5-455d-a562-3c8ca3a74b38
Original-Request:
req_Gm7mI7lmEqDfgp
Request-Id:
req_Gm7mI7lmEqDfgp
Server:
nginx
Strict-Transport-Security:
max-age=63072000; includeSubDomains; preload
Stripe-Should-Retry:
false

#

The failed attempt has the above in the response headers where the other request has nothing

pale osprey May 12, 2023, 1:31 PM

#

That is showing as a POST request on our side. Have you checked the error returned in that response via the Stripe dashboard?
https://dashboard.stripe.com/logs/req_Gm7mI7lmEqDfgp
It gives me the impression that there are branding settings which need to be configured.

Stripe Login | Sign in to the Stripe Dashboard

Sign in to the Stripe Dashboard to manage business payments and operations in your account. Manage payments and refunds, respond to disputes and more.

hybrid rampart May 12, 2023, 1:33 PM

#

ah there it is, I'm getting a few settings we're missing on our end, let me see if that fixed it, thanks!

pale osprey May 12, 2023, 1:37 PM

#

Any time!

#Cavalaa