I’m trying conect my website with PagSeguro API. In Insomnia the request works, but in my website, the cors is the problem.
Problem:
x
Access to XMLHttpRequest at 'https://sandbox.api.pagseguro.com/charges' from origin 'https://mobile-andre-luis.web.app' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
buyCartela.js:107 POST https://sandbox.api.pagseguro.com/charges net::ERR_FAILED
Code Section:
const request = new XMLHttpRequest();
const body = {
"reference_id": ``,
"description": ``,
"amount": {
"value": 200,
"currency": "BRL"
},
"payment_method": {
"type": "CREDIT_CARD",
"installments": 1,
"capture": true,
"soft_descriptor": "Cartela do Bode da Sorte",
"card": {
"number": ``,
"exp_month": ``,
"exp_year": ``,
"security_code": ``,
"holder": {
"name": ``
}
}
},
"notification_urls": [
"http://127.0.0.1:5500/form/buyVerify.html"
],
"metadata": {
"idVendedor": "Papai Noel",
"idCartela": ``,
"nameComprador": ``,
"phoneComprador": ``,
}
};
const url = `https://sandbox.api.pagseguro.com/charges`;
request.open("POST", url, true);
request.setRequestHeader("Access-Control-Allow-Origin","*");
request.setRequestHeader("Content-type","application/json");
request.setRequestHeader("Authorization","x");
request.setRequestHeader("x-api-version","4.0");
request.send(body);
console.log(request.response)