
How to make a POST request to a Stripe endpoint without a CORS preflight

Trying to make a basic POST request to a Stripe endpoint in Node:

const https = require('https');
const options = {
  hostname: 'connect.stripe',
  port: 443,
  path: '/oauth/token',
  method: 'POST',
  headers: { 
    'Content-Type': 'application/x-www-form-urlencoded' 
  }
}

const req = https.request(
  options, res => 
    res.on('data', d => 
      process.stdout.write(d))
)
req.write(data) // client_secret=stripe_sk&grant_type=authorization_code...
req.end()

The response

Failed to load :
No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'http://localhost:3000' is therefore not allowed access. 
The response had HTTP status code 400.  If an opaque response serves your needs, 
set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

server.js

const express = require('express');
const next = require('next');
const nextI18NextMiddleware = require('next-i18next/middleware');
const nextI18next = require('./i18n');
const app = next({ dev: process.env.NODE_ENV !== 'production' });
const routes = require('./routes');
const handler = routes.getRequestHandler(app);

(async () => {
    await app.prepare();
    const server = express();
    nextI18NextMiddleware(nextI18next, app, server);
    server.get('*', (req, res) => handler(req, res));
    await server.listen(3000);
    console.log('Ready on http://localhost:3000');
})();

Wild guess

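It looks like something is silently modifying the headers, so it is not a simple POST but a POST with some extra headers, which triggers the CORS preflight rules. Using Postman I get the expected result; the problem is in the headers.

How can I find out what is affecting my POST request? Any hints would be appreciated!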

HTTP 303

Request URL: 
Request Method: GET
Status Code: 303 
Remote Address: 54.187.119.242:443
Referrer Policy: strict-origin-when-cross-origin
content-length: 0
content-security-policy: 
location: =%2Foauth%2Ftoken
referrer-policy: strict-origin-when-cross-origin
request-id: 1550537522-mreq_9XV0Kp3XVIJYPq
server: nginx
status: 303
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=Edge,chrome=1
Provisional headers are shown
DNT: 1
Referer: http://localhost:3000/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36

OPTIONS request

Request URL: 
Request Method: OPTIONS
Status Code: 303 
Remote Address: 54.187.119.242:443
Referrer Policy: no-referrer-when-downgrade
content-length: 0
content-security-policy: default-src 
location: =%2Foauth%2Ftoken
referrer-policy: strict-origin-when-cross-origin
request-id: 1550537522-mreq_9XV0Kp3XVIJYPq
server: nginx
status: 303
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-ua-compatible: IE=Edge,chrome=1
Provisional headers are shown
Access-Control-Request-Headers: access-control-allow-headers
Access-Control-Request-Method: POST
DNT: 1
Origin: http://localhost:3000
Referer: http://localhost:3000/profile/edit?code=ac_EYThaA5LNla8&state=35N1UGuPHac9
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
Answer:

You need to set Access-Control-Allow-Origin to *

For Firebase Cloud Functions, you can do it like this...

res.header('Content-Type', 'application/json');
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', 'Content-Type');
if (req.method === 'OPTIONS') {
  res.status(204).send('');
}

However, I'm not sure which server you are using, so I can't provide the exact code.
