stripe-js: POST to https://r.stripe.com/0 -> 403

Summary

When loading an element (using const element = stripeInstance.elements().create(...) and element.mount(...)), I receive an initial 403 response from a request going to https://r.stripe.com/0 (with a response body of PERMISSION_DENIED: Missing origin). I also subsequently receive multiple similar ones.

This doesn’t seem to have any specific impact though, since the element is working just fine.

The request in detail:

General
Request URL: https://r.stripe.com/0
Request Method: POST
Status Code: 403 
Remote Address: 54.186.23.98:443
Referrer Policy: strict-origin-when-cross-origin

Response Headers
content-length: 33
content-type: application/octet-stream;charset=utf-8
date: Mon, 13 Sep 2021 09:43:49 GMT
server: nginx
x-envoy-upstream-service-time: 1

Request Headers
:authority: r.stripe.com
:method: POST
:path: /0
:scheme: https
accept: application/json
accept-encoding: gzip, deflate, br
accept-language: en-US
content-length: 503
content-type: application/x-www-form-urlencoded
referer: https://js.stripe.com/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_5_2) AppleWebKit/537.36 (KHTML, like Gecko) phealing/1.2.0 Chrome/89.0.4389.128 Electron/12.0.13 Safari/537.36

Form Data
event_name: elements.event.load
client_id: stripe-js
created: 1631526228736
event_count: 10
event_id: ace9a368-6c8b-43a3-8742-8a383954724a
os: MacOS
browserFamily: Chrome
version: cf1baae8a
key: XXXX
referrer: http://localhost:8080
stripe_js_id: 0cfdf8d1-da95-47ae-81f3-47410e19640b
controller_load_time: 1631526228620
wrapper: unknown
es_module: true
es_module_version: 1.15.1
frame_width: 1792
element: card

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 22 (3 by maintainers)

Most upvoted comments

I’m using Cypress for testing a page with stripe payment and I receive the same error when paying.

Same issue here. Testing with Cypress, receives a 400.

For anyone who ends up here because of errors while testing with Cypress: based on @phanmn's comment, you can do this:

  beforeEach(() => {
    // Test-only: set the Origin and Referer headers on requests to r.stripe.com
    cy.intercept(`https://r.stripe.com/0`, req => {
      req.headers['origin'] = 'https://js.stripe.com';
      req.headers['referer'] = 'https://js.stripe.com/';
    });
  });

Seeing this using Next.js 12. Not seeing any bugs though, but would like to know what's going on.

Seeing this as well and it appears to be generating multiple requests that are thrashing page load time (this might be something I’m doing w/ re-render so please correct if this looks off). All but one are going to https://r.stripe.com/0 and the other is https://m.stripe.com/6.

@dweedon-stripe is there any update on the internal issue related to this?

I have to add these lines to make it work in an Electron app:

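const { session } = require('electron');

// Register in the main process once the app is ready.
session.defaultSession.webRequest.onBeforeSendHeaders((details, callback) => {
  // Match on the parsed hostname: a substring test on the URL would also
  // match lookalike hosts and query strings that merely contain "stripe.com".
  const { hostname } = new URL(details.url);
  if (hostname === 'stripe.com' || hostname.endsWith('.stripe.com')) {
    details.requestHeaders['origin'] = 'https://js.stripe.com';
    details.requestHeaders['referer'] = 'https://js.stripe.com/';
  }

  callback({ cancel: false, requestHeaders: details.requestHeaders });
});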
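
The header rewrite from the Electron workaround above, as an added example (not code from the original comment, Stripe or Electron): it rewrites only https requests to an explicit host allowlist and replaces Origin/Referer whatever their key casing. The allowlist (the two hosts named in this thread), the function names and the sample URLs are assumptions made for the example.

```javascript
// Added example. Host allowlist and names are assumptions, not Stripe's or Electron's code.
const STRIPE_HOSTS = new Set(['r.stripe.com', 'm.stripe.com']); // hosts named in this thread
const ORIGIN = 'https://js.stripe.com';
const REFERER = 'https://js.stripe.com/';
const REPLACED = new Set(['origin', 'referer']);

// True only for https requests whose parsed hostname is on the allowlist.
function isAllowedStripeUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // unparsable URL: leave the request untouched
  }
  return url.protocol === 'https:' && STRIPE_HOSTS.has(url.hostname);
}

// Returns a new header object. Existing Origin/Referer keys are dropped
// regardless of casing so the request never carries two competing values.
function rewriteHeaders(rawUrl, headers) {
  if (!isAllowedStripeUrl(rawUrl)) return { ...headers };
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!REPLACED.has(name.toLowerCase())) out[name] = value;
  }
  return { ...out, Origin: ORIGIN, Referer: REFERER };
}

// Constructed sample URLs: the two endpoints from the thread, then three that must not match.
const SAMPLE_URLS = [
  'https://r.stripe.com/0',
  'https://m.stripe.com/6',
  'https://stripe.com.example.test/0',
  'https://example.test/?next=stripe.com',
  'http://r.stripe.com/0',
];

// Electron wiring (main process, after the app is ready):
// session.defaultSession.webRequest.onBeforeSendHeaders((details, callback) =>
//   callback({ requestHeaders: rewriteHeaders(details.url, details.requestHeaders) }));
```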

We are still facing this issue, with Cypress, response code is 400.

I’m also seeing a similar issue in Cypress, although the response is 400. The only response is Bad Request.

Also seeing this in Cypress, FYI Cypress defaults to Electron

s/@chrisbenti-stripe/@christopher-stripe