Getting Access-Control-Allow-Origin error in console log when posting request to Payflow API

desarrollo
Contributor
Contributor
Posted on
‎Aug-29-2018 10:38 AM

Hello!

 

 

I'm implementing a credit card form in an Angular 4 application which uses the Paypal Payflow API to process payments. I've already created testing and production accounts in Paypal Manager.

 

In order to post test transactions I use Postman. From this application, I execute a POST request to https://pilot-payflowpro.paypal.com and send something like the string below in the request body: 


USER=****&PARTNER=PayPal&VENDOR=****&PWD=****&ACCT=****&EXPDATE=102020&TENDER=C&TRXTYPE=A&AMT=100&VERBOSITY=HIGH

 

Once I execute the request in Postman, It works just fine and the server returns with the expected string response.

 

Now, I implemented an Angular 4 application, wich uses the HttpClient Angular Library to execute post transactions; the request is looks something like this:

const httpHeaders: HttpHeaders new HttpHeaders( { 'Content-Type': 'text/plain'});

this.httpService.post(
'USER=****&PARTNER=PayPal&VENDOR=****&PWD=****&ACCT=****&EXPDATE=102020&TENDER=C&TRXTYPE=A&AMT=100&VERBOSITY=HIGH',
{ headers: httpHeaders, responseType: 'text' } )
.catch( ( error ) => {
console.log('error in requestPayflowPaymentToPayflowGatewayApi');
return Observable.throw(error);
} );

 

It's just a basic post request but it doesn't work when I execute the application in the browser; I get the next error in the console log:

 

Failed to load https://pilot-payflowpro.paypal.com/: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.

 

Now, there is something really strange abouit it; When I disable web security in Google Chrome, which I do by opening Google Chrome running the command below in Windows, the application works just fine, executes the request to the server and it returns the expected response.

 

chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security

 

I have the same issue when I post request using production data (a production Paypal Manager Account pointing to https://payflowpro.paypal.com)

 

Have anybody had this issue? What do you guys think that could be the problem here? 

 

Thanks in advance,

 

Alexis Bravo

Login to Me Too
0 Kudos
Login to Reply or Kudo
1 REPLY 1

desarrollo
Contributor
Contributor
‎Sep-04-2018 08:23 AM

Hello,

 

I found the solution to my problem. My E-commerce - Payflow integration has been developed in Angular (Javascript) and is a client-side application that works from a browser. The problem is that the Payflow Servers only accepts request from server-side applications; thats why, for security reasons, it was rejecting all of my requests (wchich were post from a javascript client-side application).

 

To solve the issue I've implemented a server-side application which listen requests from our Angular client-side application and posts requests to the Paypal Payflow API, and now the issue has been solved.

 

Regards, 

 

Alexis

Login to Me Too
0 Kudos
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.