#antona-cors

Hi 👋 that's a fairly broad question, are you encountering a particular CORS error that you're trying to prevent?

Hi Toby! Let me give you the scenario. User embeds a form to collect payment on their website.

1. So with payment intent we will now have to collect the customers CC and send it server side to create a payment intent via Ajax. So concerned about restrictions related to cors attempting this. So Wondering how we would handle this type of scenario as we are trying to migrate to the latest version of stripes API

User embeds a form to collect payment on their website.
Can you clarify on this? Is this a form you create?

So it’s a saas application. Users can create payment forms in our application that they embed on their website (outside our Application). These users will have to have a stripe account to utilize this application.

So since payment intent new requirement, we want to ensure we are utilizing the best practice as suggested by stripe for this type of scenario to ensure everything remains secure but also not to trigger cross browser restrictions

Gotcha, then you'll probably want to use our Payment Element. You typically don't want to handle card numbers directly as that puts the PCI compliance burden on you.
https://stripe.com/docs/payments/payment-element

We are using payment elements but we still have to send a request server side using Ajax to get the payment intent object