Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Access to XMLHttpRequest blocked by CORS Policy in ReactJS using Axios

Tags:

reactjs

axios

stripe-payments

I'm setting up stripe connect button in my React Component using Axios. I keep getting this error after redirection 

Access to XMLHttpRequest at 'https://connect.stripe.com/oauth/token' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
Thankyou.js:40 Error: Network Error
    at createError (createError.js:16)
    at XMLHttpRequest.handleError (xhr.js:87)

I get the code from the url and create a curl request using axios.Post. This is the code in my redirect URL

// Thankyou.js
export default class Thankyou extends Component {
  constructor(props) {
    super(props);
  }
  componentDidMount() {
    const code = qs.parse(this.props.location.search, {
      ignoreQueryPrefix: true
    }).code;

    const params = {
      client_id: "*******************",
      client_secret: "**********************",
      grant_type: "authorization_code",
      code: code
    };

    axios
      .post(
        "https://connect.stripe.com/oauth/token",
        // apiBaseUrl,
        { params }
      )
      .then(function(response) {
        console.log(response);
      })
      .catch(function(error) {
        console.log(error);
      });
    console.log(code);
  }

  render() {
    return (
      <div>
        <h2>Thank you for connecting with us!</h2>
      </div>
    );
  }
}
like image 321
newbie Avatar asked Sep 17 '25 01:09

newbie

1 Answers

There is nothing wrong with your code, but most likely the API endpoint the code trying to reach is not setup for JavaScript web app. CORS policy is set on the server-side and enforced primarily on the browser-side.

The best way to work around is to use Stripe's JavaScript solution such as Strip React Elements or Stripe.js.

A hacky way to get around CORS would be setting up Reverse proxy with solutions such as NGINX. For example, you can use the following nginx configuration:

server {
    listen 8080;
    server_name _;

    location / {
        proxy_pass http://your-web-app:2020/;
    }

    location /stripe/ {
        proxy_pass https://connect.stripe.com/;
    }
}

By doing so, all the API calls to Stripe.com could be through /stripe under your web app's URL. For example, calling http://yourapp/stripe/oauth/token would be same as calling https://connect.stripe.com/oauth/token

That being said, the second solution is hacky and Stripe may decide to block your reverse proxy server.

like image 74
Tianzhen Lin Avatar answered Sep 19 '25 17:09

Tianzhen Lin
Sign in to Comment

Related questions

How to read Spring Boot application.properties in ReactJs app?
How to drag an element and ensure that the cursor won't faster than it?
"Cannot find name 'div'.ts(2304)" when creating a new React application?
Code in async function executed twice when called from React
how to use console.log in react
React Native: You attempted to set the key on an object that is meant to be immutable and has been frozen

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!