I am very confused by the Server Side Checkout process. My experience with purchasing using PayPal is that I go to a vendors site, pick one or more products to buy then hit the PayPal button to purchase them. The PayPal Checkout process starts with me pressing the PayPal button which invokes PayPal supplied Javascript which coordinates calls to create_payment and execute_payment methods. The create_payment does not appear to take any details of the customer order and simply generates a payment_id - right (Qn 1)? The execute_payment also does not seem interested in the details of order although the PayPal script seems to have embedded a dummy order - I assume this is purely for demonstration purposes and the expectation is that the actual order details will be dynamically written into the script - right (Qn 2)? To wit, I have configured my Checkout controller to generate the JSON for the customer's order which is then passed to execute_payment. Is this the correct approach (Qn 3)?
In the create_payment method I return a Redirect to url returned from GetApprovalUrl:
https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-6PG40312P30019039
to which I get:
Access to XMLHttpRequest at 'https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-6PG40312P30019039' (redirected from 'https://localhost:44306/PayPalWebAPI/create_payment') from origin 'https://localhost:44306' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. [https://localhost:44306/Checkout/CheckoutItem]
This would seem to be a PayPal server issue rather than my server issue. My C# create_method has been configured with [EnableCors(origins: "*", headers: "*", methods: "*")] - any suggestions (Qn 4)?
