#coder141418_error

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1375225439294984303

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

hello! that seems very strange that it would be occurring inconsistently, usually CORS errors are pretty easy to reproduce in my experience... can you share more about what your code is doing? or do you have a publically accessible version of the site (ideally running in test mode) where i can take a look?

also do you know if the errors people ran into included a reason?

Here is our sandbox account which is setup in test mode: https://31183.danceticketing.com/r/events/

You can enter the show, add some tickets to your cart, fill out contact info and then the payment element loads once you accept the terms and hit "Continue to Payment Page"

We also thought it was super strange that it was running inconsistently and just haven't been able to get it to happen on our end.

Here is the image with some acct_id's and such removed. We had this happen on several occasions but this is the first time we had gotten the buyer to send us the console log (as you can imagine that's not the easiest thing to get people to do haha)

i can indeed imagine 😛

i'm not the best at troubleshooting CORS issues to be honest, but these mozilla docs make it sound like it could be a general networking issue based on the extremely helpfukl reason code CORS request did not succeed
https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSDidNotSucceed

In many cases, it is caused by a browser plugin (e.g., an ad blocker or privacy protector) blocking the request.

if you have open comms with the customer you could maybe suggest they try in incognito to see if that works?

I think we reached out to Stripe Support about this before and they mentioned it could block it and recommended that we disable hcaptcha since we were getting hcaptcha errors as well.

I will let my team know to ask them to try that next time for sure, I'd like to see if that works as well

We'd asked them before to disable adblockers but many said they didn't have any on 🙃

Just a question , Why are you making calls to stripe from the js running in the browser? I feel like since you blocked off the secret key in image that it could lead to leaking secrets?

It's the public key not the secret key and these are calls that are meant to be sent client side. We do have a server running the server side portion of the integration that uses secret keys

And we've already processed a solid 250k+ transactions with only about 0.01% of them having issues

I just blocked out any keys whatsoever to be safe though, definitely overkill since you can just find them in our js file on the site haha

i appreciate the caution 🙂

        // Create the customer session and get it back from the db.
        const session = await createCustomer(shopperGuid, studioId);
        
        // Ensure amount is properly rounded up and converted to an integer
        const roundedAmount = Math.round(amount * 100);
    
        const options = {
            mode: 'payment',
            amount: roundedAmount,
            currency: window.app.gateway_id === 5 ? 'usd' : 'cad',
            customerSessionClientSecret: session.customer_session_client_secret,
        };
        
        // Set up Stripe.js and Elements to use in checkout form
        elements = stripe.elements(options);

        // Create and mount the Payment Element
        const paymentElementOptions = { layout: 'accordion', paymentMethodOrder: ['card', 'apple_pay', 'google_pay'] };
        const paymentElement = elements.create('payment', paymentElementOptions);
        paymentElement.mount('#payment-element');

Is the code that's throwing the errors (specifically elements.create())

I work in Security as part of my job

i'm chatting with a teammate about this and i think we're on the same page, this is probably something client side that's goofing with the API call. it could be more than just ad blockers - it could be privacy extensions or really anything that sits between the client side call and us - i'll often suggest people try incognito mode since that usually disables all of their browser plugins in one go

Could be an issue with the source of the request as seen by api.stripe[.]com where something on your app is messing with something along the lines of the origin when sending the request

Or extensions*

I'll go ahead and pass this on and have them try it in incognito the next time it happens.

If that is the case, I feel like it's pretty annoying since we have quite a few buyers encountering this issue and it's definitely increasing time on our phone lines. If we did have a streamlined solution like sending them to incognito I think we'd be able to live with that as a solution

(also @brisk cedar i appreciate your contributions but we typically only allow the asker of the question and our staff to post in threads 🙂 )

Sorry Didnt realize that was how it was. Didnt see anything like that in the #📖rules

Yeah I wish we could reproduce it and then I could actually dig into the network calls but since we can't it's pretty hard to get anything out of it. We're running the app in ColdFusion so anything is possible lmao

Also appreciate the help RipRock for what it's worth, our dev team has been kind of stumped the last few days so any ideas are welcome

no worries!