#AndreaDev2023

Hi there!

What's your question?

HI

php code return cors error

can post the code?

Pasting your other message here:

the endpoint code:

<?php
header('Access-Control-Allow-Origin: ');
header('Access-Control-Allow-Headers: Content-Type, X-Auth-Token, Authorization, Origin');
header('Access-Control-Allow-Methods: POST');

require_once('../stripe/init.php');

\Stripe\Stripe::setApiKey('sktest**');

try {
$requestData = json_decode(file_get_contents('php://input'), true);
$amount = $requestData['amount'];

// Crea un intento di pagamento
$paymentIntent = \Stripe\PaymentIntent::create([
    'amount' => $amount,
    'currency' => 'eur',
]);

// Invia il client secret come risposta JSON con le corrette intestazioni CORS
header('Content-Type: application/json');
echo json_encode(['clientSecret' => $paymentIntent->client_secret]);

} catch (\Stripe\Exception\ApiErrorException $e) {
// Gestisci eventuali errori nel modo desiderato
http_response_code(500); // Errore interno del server
echo json_encode(['error' => $e->getMessage()]);
}
?>
the php code return CORS ERROR

Can you share the exact error message you see?

this

why return error?

Hey! Taking over for my colleague. Let me catch up.

According to the screenshot you were sharing, the cors error is sent by your own endpoint and not Stripe APIs.

You should use header("Access-Control-Allow-Origin: *");

https://enable-cors.org/server_php.html

the header is already there...

you are not setting *

discord removed the asterisk on the code

Otherwise check your webserver (Nginx/Apache) if you have cors configuration

ok, i try

thanks for now

nothing

don't work

but why in local work?

Ah good point if in your local nv it works, that means in your server you have cors configured to block some network connection..

you need to configure/check your webserver and allow your cors settings

in local if i use this endpoint work: const { data: clientSecret } = await axios.post("api/payment_intents.js", {

this is code of endpoint in local import Stripe from "stripe";

const stripe = new Stripe(process.env.SECRET_KEY);

export default async (req, res) => {
if (req.method === "POST") {
try {
const { amount } = req.body;
// Psst. For production-ready applications we recommend not using the
// amount directly from the client without verifying it first. This is to
// prevent bad actors from changing the total amount on the client before
// it gets sent to the server. A good approach is to send the quantity of
// a uniquely identifiable product and calculate the total price server-side.
// Then, you would only fulfill orders using the quantity you charged for.

  const paymentIntent = await stripe.paymentIntents.create({
    amount,
    currency: "eur"
  });

  res.status(200).send(paymentIntent.client_secret);
} catch (err) {
  res.status(500).json({ statusCode: 500, message: err.message });
}

} else {
res.setHeader("Allow", "POST");
res.status(405).end("Method Not Allowed");
}
};

and in your server ?

<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: Content-Type, X-Auth-Token, Authorization, Origin");
header("Access-Control-Allow-Methods: POST");

require_once('../stripe/init.php');

\Stripe\Stripe::setApiKey('sk_test_');

$requestData = json_decode(file_get_contents('php://input'), true);
$amount = $requestData['amount'];

try {
$paymentIntent = \Stripe\PaymentIntent::create([
'amount' => $amount,
'currency' => 'eur',
'payment_method_types' => ['card'],
]);

// Invia il client secret come risposta JSON
header('Content-Type: application/json');
echo json_encode(['clientSecret' => $paymentIntent->client_secret]);

} catch (\Stripe\Exception\ApiErrorException $e) {
// Gestisci gli errori di Stripe
http_response_code(500);
echo json_encode(['error' => $e->getMessage()]);
}

?>

Could you please remove your secret key from the messages above

So it's the same code between your local env and you server, right ?

yes

in local and online use this endpoint https://app.scadero.it/funzioni_sito/payment_intents.php

with the code posted

So as I said. First, this isn't a Stripe API cors error. Second, you need to check your webserver at app.scadero.it and check it's CORS configuration.

mmm, need to request at the provider where i have hosted the server?

but the code php is correct?

yes, as it works fine in your local env

yes, you need to check with your hosting provider.

Access to XMLHttpRequest at 'https://app.scadero.it/funzioni_sito/payment_intents.php' from origin 'https://scadero.it' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

if possible that the endpoint is app.scadero.it and the client use scadero.it return error?

You need to check the webhosting provider of https://app.scadero.it and enable access from your frontend https://scadero.it/

Invalid value for stripe.confirmCardPayment intent secret: value should be a client_secret string. You specified: [object Object].

I think the error message is quiet explicit, try debug your integration and see why you are passing an object and not a String, the client secret.