firefrost-gaming/firefrost-services
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: apply CORS directly to Stripe checkout route

Browse Source 
Moved CORS middleware from index.js to stripe.js route handler to fix
'No Access-Control-Allow-Origin header' error.

ISSUE:
- CORS middleware in index.js was registered BEFORE routes
- Routes registered later overrode CORS settings
- Browser showed: 'No Access-Control-Allow-Origin header is present'

ROOT CAUSE:
Line 50: CORS middleware for /stripe/create-checkout-session
Line 91: app.use('/stripe', stripeRoutes) - registered AFTER CORS
Result: Routes don't inherit CORS settings from middleware above them

FIX:
- Added cors import to src/routes/stripe.js
- Applied CORS directly to create-checkout-session route handler
- Removed CORS middleware from src/index.js
- Now CORS is part of the route definition itself

FILES MODIFIED:
- services/arbiter-3.0/src/routes/stripe.js (+11 lines, CORS config)
- services/arbiter-3.0/src/index.js (-7 lines, removed middleware)

TESTING:
- Subscribe button should now successfully call endpoint
- Browser console should show 200 response, not CORS error

Signed-off-by: Claude (Chronicler #57) <claude@firefrostgaming.com>
This commit is contained in:
Claude (Chronicler #57)
2026-04-03 16:07:15 +00:00
parent 99841f2197
commit 6d2bbf2c1d
2 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
services/arbiter-3.0/src/index.js
View File

@@ -46,14 +46,6 @@ app.use('/stripe/webhook', stripeRoutes);
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
// CORS configuration - Allow Stripe checkout requests from website
app.use('/stripe/create-checkout-session', cors({
origin: ['https://firefrostgaming.com', 'https://www.firefrostgaming.com'],
methods: ['POST', 'OPTIONS'],
credentials: false,
optionsSuccessStatus: 200
}));
// Make Discord client accessible to routes
app.locals.client = client;

13
services/arbiter-3.0/src/routes/stripe.js
View File

@@ -6,15 +6,24 @@
const express = require('express');
const router = express.Router();
const cors = require('cors');
const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);
const db = require('../database');
// CORS configuration for checkout endpoint
const corsOptions = {
origin: ['https://firefrostgaming.com', 'https://www.firefrostgaming.com'],
methods: ['POST', 'OPTIONS'],
credentials: false,
optionsSuccessStatus: 200
};
/**
* CREATE CHECKOUT SESSION
* POST /stripe/create-checkout-session
* Body: { priceId, discordId }
* Body: { tier_level }
*/
router.post('/create-checkout-session', async (req, res) => {
router.post('/create-checkout-session', cors(corsOptions), async (req, res) => {
try {
const { priceId, discordId } = req.body;