#levanto_api

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1220059398043471963

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hi, that request you shared to create the Checkout Session succeeded. Can you confirm exactly when you're seeing this error? At what stage are you seeing this issue?

From looking at the error message it does not look like it's referring to using the wrong test Piblic API key. Instead, it more sounds like a Cross Origin issue, https://stackoverflow.com/questions/70695881/neterr-blocked-by-response-notsameoriginafterdefaultedtosameoriginbycoep-200. If you can add further details, I can further debug this on my end.

sorry, I put the last request on the log because it is a mandatory field, but I believe the error is before a request is sent

Ok, it looks like the error is due to you enabling the cross origin embedder policy. You need to remove the cross origin embedder policy on your and as we do not support cross-origin isolated sites. Can you remove it and try again?

ok, but is it safe to not have it?

Yes, not sure why you would think otherwise. Was there an issue you noticed?

I'm not familiar with CORS but it seems to be a security thing

and if it is enabled by default I wonder if it is approriate to disable it

if it could cause potential issues on the future etc

I do not think it's enabled by default, I was under the impression that you enabled the cross origin embedder policy.

I'm confused, is it a stripe configuration or a project configuration? I'm using the Svelte+Kit framework for my project but I don't remember changing anything about it

do u have an idea where that configuration would be? I'm searching on the internet but it is weirdly unclear

ok, I think I found it, was a piece of code I copied that had Cross-Origin-Embedder-Policy': 'require-corp in the middle of it

it didn't solve the error

I have no other Cross reference on my project

Can you share the URL so we can further debug this?

which url?

the full error is: GET https://js.stripe.com/v3 net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep 200 (OK)

The answer on this page seems very information, but I still don't understand the problem, maybe it can help:
https://stackoverflow.com/questions/69832906/how-to-prevent-err-blocked-by-response-notsameoriginafterdefaultedtosameoriginby

The page where you're trying to make this request and see the above error

it's a localhost/membership

Can you make it publicly accessible? You can use ngrok for instance

I think so, but I've never done that... how would that help?

it's a network problem with stripe js due to cross origin configuration

You're using Svelte+Kit framework which we do not know what they are controlling. For this reason, for us to help identify where the cross origin embedder policy is set we need to look at the URL.

the page is behind a login access

would it make a difference?

👋 stepping in here

hello

So yeah it sounds like you have your own COEP policy currently.

Stripe.JS can't load when you are enforcing a COEP

So you will need to disable that within your framework itself

I find it a really weird problem

I just openned a help post on the framework community about disabling coep

I'll wait their answer