Moved CORS middleware from index.js to stripe.js route handler to fix
'No Access-Control-Allow-Origin header' error.
ISSUE:
- CORS middleware in index.js was registered BEFORE routes
- Routes registered later overrode CORS settings
- Browser showed: 'No Access-Control-Allow-Origin header is present'
ROOT CAUSE:
Line 50: CORS middleware for /stripe/create-checkout-session
Line 91: app.use('/stripe', stripeRoutes) - registered AFTER CORS
Result: Routes don't inherit CORS settings from middleware above them
FIX:
- Added cors import to src/routes/stripe.js
- Applied CORS directly to create-checkout-session route handler
- Removed CORS middleware from src/index.js
- Now CORS is part of the route definition itself
FILES MODIFIED:
- services/arbiter-3.0/src/routes/stripe.js (+11 lines, CORS config)
- services/arbiter-3.0/src/index.js (-7 lines, removed middleware)
TESTING:
- Subscribe button should now successfully call endpoint
- Browser console should show 200 response, not CORS error
Signed-off-by: Claude (Chronicler #57) <claude@firefrostgaming.com>
6d2bbf2c1d