Amazon Pay - Cross-Origin Request Blocked

Question

I have seen and read many posts on Cross-Origin Request Blocked but none of them make much sense to me.

I am integrating Amazon Pay into a Sitecore/MVC site and all was going well. However on the page I am rendering the button I have started to see an error. If I open the developer tools in either Chrome of Firefox and then load the page I see this is red:

GET https://payments-uk-sandbox.amazon.com/merchantAc...tus?countryOfEstablishment=UK&ledgerCurrency=GBP 200 OK 66ms Widgets.js (line 43)

Followed by:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://payments-uk-sandbox.amazon.com/merchantAccount/AAAJJFJJJFJJF/accountStatus?countryOfEstablishment=UK&ledgerCurrency=GBP. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

From what I am reading and the way I am understanding it the problem is on the Amazon side. That would make sense as I wasn't getting this error yesterday and I have not changed any code on my page.

Can someone tell me if I have this right? Is there anything I can do? I do have an Integration contact at Amazon but they took 6 days to answer the last question I had so I am not holding my breath for a response any time soon.

Answer 1

You should call this from backend and if required show in frontend. CORS appeared because Amazon not allow to use this method in frontend of another site because of security issue.

Whats need to do: You need to create in your website method that creates web requrest to amazon and return some information, and you should call this method from js

here example:

create method in controller

    public class HomeController : Controller
{

    public ActionResult GetAccountStatus()
    {
        var client = new WebClient();
        client.Encoding = Encoding.UTF8;

        var response = client.DownloadString("https://payments-uk-sandbox.amazon.com/merchantAccount/AAAJJFJJJFJJF/accountStatus?countryOfEstablishment=UK&ledgerCurrency=GBP");

        return response;
    }
}

than from js on button click create request to your site

$.ajax({method: "GET",url: "/home/GetAccountStatus"}).done(function( msg ) {
alert( "Data received: " + msg );});