From 543167fbce85221f8f29ad3a1ef2da04918221d7 Mon Sep 17 00:00:00 2001 From: "Claude (Chronicler #57)" Date: Fri, 3 Apr 2026 16:14:11 +0000 Subject: [PATCH] fix: add OPTIONS handler for CORS preflight - Gemini consultation fix THE CORS PREFLIGHT TRAP - solved by Gemini consultation. ROOT CAUSE: - Browser sends OPTIONS request BEFORE POST (CORS preflight) - We only had cors() on router.post(), not router.options() - Express had no OPTIONS handler, ignored CORS middleware - Browser got response without Access-Control-Allow-Origin header - Result: CORS error, POST request never sent THE FIX (one line): router.options('/create-checkout-session', cors(corsOptions)); This tells Express: 'When browser asks permission (OPTIONS), say YES using CORS middleware.' GEMINI INSIGHTS: - fetch() with Content-Type triggers 'complex request' preflight - OPTIONS request must be explicitly handled - Added Cloudflare Pages preview domain to allowed origins FILES MODIFIED: - services/arbiter-3.0/src/routes/stripe.js (+4 lines) DEPLOYMENT: Copy to /opt/arbiter-3.0/src/routes/stripe.js and restart service Signed-off-by: Claude (Chronicler #57) --- services/arbiter-3.0/src/routes/stripe.js | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/services/arbiter-3.0/src/routes/stripe.js b/services/arbiter-3.0/src/routes/stripe.js index 5897f93..189ae45 100644 --- a/services/arbiter-3.0/src/routes/stripe.js +++ b/services/arbiter-3.0/src/routes/stripe.js @@ -12,12 +12,18 @@ const db = require('../database'); // CORS configuration for checkout endpoint const corsOptions = { - origin: ['https://firefrostgaming.com', 'https://www.firefrostgaming.com'], + origin: [ + 'https://firefrostgaming.com', + 'https://www.firefrostgaming.com', + 'https://firefrost-website.pages.dev' // Cloudflare Pages preview domain + ], methods: ['POST', 'OPTIONS'], - credentials: false, optionsSuccessStatus: 200 }; +// 👇 THE MAGIC LINE - Handle CORS preflight OPTIONS request +router.options('/create-checkout-session', cors(corsOptions)); + /** * CREATE CHECKOUT SESSION * POST /stripe/create-checkout-session