#tibo1002

Hello, can you tell me where exactly you are seeing the 307?

If it is the dashboard page for the event, it may be your server that is responding with the 307

In the dashboard and with the stripe listen command

Can you show me a screenshot of where you are seeing the 307?

I included the request to the billing portal and the redirect

Ah, so that means that your server is responding with a 307

To be clear, these events are coming from Stripe and we expect just a simple 200 code back

Is it because of my redirect method ?

Yes

Also to clarify, this webhook happens because of the end customer, but the webhook itself has no affect on the end customer's browser session. Sending a redirect back to Stripe for this webhook will not redirect the user in their browser

So I don't need a redirect ?

For a webhook response? No

The redirect here is not for the webhook but to send the user to the billing portal page

That would be required client-side. The issue is that the redirect is how you are responding to webhook events

For the redirect to work, your client needs to reach out to your server and that is the thing to respond with a 307 redirect for

So it'd be better if I used a res.redirect at the end of my billing portal endpoint ?

Correct

The problem is that when I use a res.redirect I get a problem with CORS error with "Access-Control-Allow-Origin" missing
That's why I was using router.push() instead
This is the code with the redirect:

const portalSession = await stripe.billingPortal.sessions.create({
  customer: customerId,
  return_url: returnUrl,
});
res.redirect(300, portalSession.url);

Can you send the full CORS error that you are getting?

It's in French:

Blocage d’une requête multiorigines (Cross-Origin Request) : la politique « Same Origin » ne permet pas de consulter la ressource distante située sur https://billing.stripe.com/p/session/test_YWNjdF8xTnNpQ3JEcm90NWFRclZCLF9Pb1A0Sk1XOENkek81cnI4OGhBY3ptSFFoQ0ZlbkJa0100yU7xwkLq. Raison : l’en-tête CORS « Access-Control-Allow-Origin » est manquant. Code d’état : 200.

And:

Blocage d’une requête multiorigine (Cross-Origin Request) : la politique « Same Origin » ne permet pas de consulter la ressource distante située sur https://billing.stripe.com/p/session/test_YWNjdF8xTnNpQ3JEcm90NWFRclZCLF9Pb1A0Sk1XOENkek81cnI4OGhBY3ptSFFoQ0ZlbkJa0100yU7xwkLq. Raison : échec de la requête CORS. Code d’état : (null).

And I'm also getting an axios network error

Can you send me your client code for the request that you are responding to with this redirect?

If you want the axios.post it's in the screenshot above.

Can you try returning a 200 code along with the URL and see if your page can receive the text of the URL that you sent back?

For certain types or post request, you can't respond with a redirect. You need to send the URL back and then have the client do a redirect

Oh and actually have you tried including a "Access-Control-Allow-Origin" header as that is the one that the CORS errors mentions is missing?

Doing the redirect client-side is what I was doing with the router.push ?

I did not try to do that.
I was mostly following this StackOverflow thread

Yes it looks like router.push is a client-side redirect https://router.vuejs.org/guide/essentials/navigation.html

I'm using NextJS but I guess that it's the same.
I tried returning a 200 in the res.redirect and it was not working (I currently have a 300 like in the docs but it's not working too).

Unfortunately I'm not that knowledgable about next.js and am not finding info here. I think this may be something that you need to take to a Next.js forum. At this point the error is entirely between your specific server and client. It is about a Stripe URL but this error would happen for any URL passed like this.

Thx I'll do that.
Big thanks for taking your time trying to find a solution to my problem and explaining the potential cause.
👍👍👍

Sounds good! Sorry I was not able to help more