如何在没有CORS预检的情况下向Stripe端点发出POST请求

Question

尝试向Node中的Stripe端点发出基本的POST请求：

@Bean
public Job job() {
    Flow flow1 = new FlowBuilder<SimpleFlow>("flow1")
                    .start(step1())
                    .next(step2())
                    .build();
    Flow flow2 = new FlowBuilder<SimpleFlow>("flow2")
                    .start(step3())
                    .build();

    return this.jobBuilderFactory.get("job")
                            .start(flow1)
                            .split(new SimpleAsyncTaskExecutor())
                            .add(flow2)
                            .next(step4())
                            .end()
                            .build();

响应

const https = require('https');
const options = {
  hostname: 'connect.stripe.com',
  port: 443,
  path: '/oauth/token',
  method: 'POST',
  headers: { 
    'Content-Type': 'application/x-www-form-urlencoded' 
  }
}

const req = https.request(
  options, res => 
    res.on('data', d => 
      process.stdout.write(d))
)
req.write(data) // client_secret=stripe_sk&grant_type=authorization_code...
req.end()

server.js

Failed to load https://connect.stripe.com/oauth/token:
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'http://localhost:3000' is therefore not allowed access. 
The response had HTTP status code 400.  If an opaque response serves your needs, 
set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

疯狂的猜测

看起来好像是在默默地修改标头，它不是简单 POST，而是带有一些附加标头的POST，而这些标头又触发了const express = require('express'); const next = require('next'); const nextI18NextMiddleware = require('next-i18next/middleware'); const nextI18next = require('./i18n'); const app = next({ dev: process.env.NODE_ENV !== 'production' }); const routes = require('./routes'); const handler = routes.getRequestHandler(app); (async () => { await app.prepare(); const server = express(); nextI18NextMiddleware(nextI18next, app, server); server.get('*', (req, res) => handler(req, res)); await server.listen(3000); console.log('Ready on http://localhost:3000'); })(); 规则。
使用邮递员，我得到了预期的结果，问题出在标题中。

如何了解影响POST请求的因素？ 任何提示将不胜感激！

HTTP 303

CORS preflight

OPTIONS请求

Request URL: https://connect.stripe.com/oauth/token
Request Method: GET
Status Code: 303 
Remote Address: 54.187.119.242:443
Referrer Policy: strict-origin-when-cross-origin
content-length: 0
content-security-policy: 
location: https://connect.stripe.com/login?redirect=%2Foauth%2Ftoken
referrer-policy: strict-origin-when-cross-origin
request-id: 1550537522-mreq_9XV0Kp3XVIJYPq
server: nginx
status: 303
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=Edge,chrome=1
Provisional headers are shown
DNT: 1
Referer: http://localhost:3000/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

Answer 1

您需要将tires = float(input('How many tires would you like?')) if tires == 2: print('That will be $250') if tires == 4: print('That will be $400') else: print('That is not a valid input, please try again') 设置为Access-Control-Allow-Origin

对于Firebase Cloud Functions，您可以执行此操作...

*

但是，我不确定您使用的是哪台服务器，因此无法提供确切的代码。