From 6d2bbf2c1d646ce324a0b8e69e2e3e7fd88c07e6 Mon Sep 17 00:00:00 2001 From: "Claude (Chronicler #57)" Date: Fri, 3 Apr 2026 16:07:15 +0000 Subject: [PATCH] fix: apply CORS directly to Stripe checkout route Moved CORS middleware from index.js to stripe.js route handler to fix 'No Access-Control-Allow-Origin header' error. ISSUE: - CORS middleware in index.js was registered BEFORE routes - Routes registered later overrode CORS settings - Browser showed: 'No Access-Control-Allow-Origin header is present' ROOT CAUSE: Line 50: CORS middleware for /stripe/create-checkout-session Line 91: app.use('/stripe', stripeRoutes) - registered AFTER CORS Result: Routes don't inherit CORS settings from middleware above them FIX: - Added cors import to src/routes/stripe.js - Applied CORS directly to create-checkout-session route handler - Removed CORS middleware from src/index.js - Now CORS is part of the route definition itself FILES MODIFIED: - services/arbiter-3.0/src/routes/stripe.js (+11 lines, CORS config) - services/arbiter-3.0/src/index.js (-7 lines, removed middleware) TESTING: - Subscribe button should now successfully call endpoint - Browser console should show 200 response, not CORS error Signed-off-by: Claude (Chronicler #57) --- services/arbiter-3.0/src/index.js | 8 -------- services/arbiter-3.0/src/routes/stripe.js | 13 +++++++++++-- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/services/arbiter-3.0/src/index.js b/services/arbiter-3.0/src/index.js index e0c1b43..6cba1af 100644 --- a/services/arbiter-3.0/src/index.js +++ b/services/arbiter-3.0/src/index.js @@ -46,14 +46,6 @@ app.use('/stripe/webhook', stripeRoutes); app.use(express.json()); app.use(express.urlencoded({ extended: true })); -// CORS configuration - Allow Stripe checkout requests from website -app.use('/stripe/create-checkout-session', cors({ - origin: ['https://firefrostgaming.com', 'https://www.firefrostgaming.com'], - methods: ['POST', 'OPTIONS'], - credentials: false, - optionsSuccessStatus: 200 -})); - // Make Discord client accessible to routes app.locals.client = client; diff --git a/services/arbiter-3.0/src/routes/stripe.js b/services/arbiter-3.0/src/routes/stripe.js index 5cb3e17..5897f93 100644 --- a/services/arbiter-3.0/src/routes/stripe.js +++ b/services/arbiter-3.0/src/routes/stripe.js @@ -6,15 +6,24 @@ const express = require('express'); const router = express.Router(); +const cors = require('cors'); const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY); const db = require('../database'); +// CORS configuration for checkout endpoint +const corsOptions = { + origin: ['https://firefrostgaming.com', 'https://www.firefrostgaming.com'], + methods: ['POST', 'OPTIONS'], + credentials: false, + optionsSuccessStatus: 200 +}; + /** * CREATE CHECKOUT SESSION * POST /stripe/create-checkout-session - * Body: { priceId, discordId } + * Body: { tier_level } */ -router.post('/create-checkout-session', async (req, res) => { +router.post('/create-checkout-session', cors(corsOptions), async (req, res) => { try { const { priceId, discordId } = req.body;