2

I have a problem with cors in firebase functions with express, I've tried a lot of stuff regarding this particual problem these are just a few of them:

I tried setting the headers before res.send():

res.setHeader("Access-Control-Allow-Origin", '*');

I tried to make the request go through cors middleware:

return cors(req, res, async() => { await ... } )

Tried to set cors origin to "Origin": true and "Origin": "*"

Tried to set app.options() for example:

app.options('*', cors()) // for every route

None of these did work and I get the preflight error, as I said I tried a lot of stuff from blog posts and from here (stackoverflow) none of the answers really helped with this, so can someone explain why do I get the error below, what is that preflight and why doesn't it pass the control check?

Access to XMLHttpRequest at 'https://us-central1-projectName.cloudfunctions.net/api/create-customer' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I have very little experience in the back-end and I think trying to figure out this now would definitely help in the future as I am still learning back-end.

For those who want to see the full code:

import * as functions from 'firebase-functions';
import * as express from 'express';
import Stripe from 'stripe';
import cors from 'cors';

const app = express();

app.use(cors({ origin: true }));
app.options('*', cors({ origin: true }));

const stripe = new Stripe(
  'API KEY',
);

app.get('/process-subscription', async (req, res) => {
  const endReq = () => {
    res.end();
  };
  const {
    customerId,
    checkPlan,
  } = req.params;

  if (checkPlan !== 'premium') {

    try {
      console.log(customerId);
      const subscription = await stripe.subscriptions.create({
        customer: customerId,
        items: [{ price: 'id' }], 
      });


      res.setHeader('Access-Control-Allow-Origin', '*');
      return res.send(subscription.id);
    } catch (err) {
      res.send(err);
      endReq();
    }
  } else {
    return res.send({
      isPremium: true,
      message: 'You already own a Premium Subscription!',
    });
    endReq();
  }
});

app.get('/create-customer', async (req, res) => {
  return cors(req, res, async () => {
    const endReq = () => {
      res.end();
    };
    const { email, name } = req.body;

    try {
      const customer = await stripe.customers.create({
        email: email,
        name: name,
      });
      res.setHeader('Access-Control-Allow-Origin', '*');
      return res.status(200).send(customer.id);
    } catch (err) {
      res.send(err);
      endReq();
    }
  });
});

app.get('/attach-method', async (req, res) => {
  res.set('Access-Control-Allow-Origin', '*');
  const endReq = () => {
    res.end();
  };

  const { customerId, paymentMethod } = req.params;
  try {
    const attachMethod = await stripe.paymentMethods.attach(paymentMethod, {
      customer: customerId,
    });
    let customer = await stripe.customers.update(customerId, {
      invoice_settings: {
        default_payment_method: paymentMethod,
      },
    });
    res.setHeader('Access-Control-Allow-Origin', '*');
    return res.status(200).send('Success');
  } catch (err) {
    res.send(err);
    endReq();
  }
});

export const api = functions.https.onRequest(app);

Thank you.

Ralemos
  • 5,571
  • 2
  • 9
  • 18
Dario K
  • 306
  • 1
  • 4
  • 15
  • Does this answer your question? [Enable Cors in Firebase Cloud Function](https://stackoverflow.com/questions/57326098/enable-cors-in-firebase-cloud-function) – Ralemos Feb 22 '21 at 17:40

1 Answers1

2

To fix this issue instead of using in the express route

return cors(req, res, () => {...})

I used this, just added brackets after cors:

return cors()(req, res, () => {...})
Dario K
  • 306
  • 1
  • 4
  • 15