diff --git a/functions/donation/_utils/checkout.ts b/functions/donation/_utils/checkout.ts index 634d13aef52..9af2a3e8fc5 100644 --- a/functions/donation/_utils/checkout.ts +++ b/functions/donation/_utils/checkout.ts @@ -4,6 +4,7 @@ import { getErrorMessageDonation, JsonError, } from "@ourworldindata/utils" +import { STRIPE_API_VERSION } from "./constants.js" function getPaymentMethodTypes( donation: DonationRequest @@ -27,7 +28,7 @@ export async function createCheckoutSession( key: string ) { const stripe = new Stripe(key, { - apiVersion: "2023-10-16", + apiVersion: STRIPE_API_VERSION, maxNetworkRetries: 2, }) diff --git a/functions/donation/_utils/constants.ts b/functions/donation/_utils/constants.ts new file mode 100644 index 00000000000..4ef974f5e67 --- /dev/null +++ b/functions/donation/_utils/constants.ts @@ -0,0 +1,18 @@ +export const CORS_HEADERS = { + "Access-Control-Allow-Origin": "*", + "Access-Control-Allow-Methods": "POST, OPTIONS", + // The Content-Type header is required to allow requests to be sent with a + // Content-Type of "application/json". This is because "application/json" is + // not an allowed value for Content-Type to be considered a CORS-safelisted + // header. + // - https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_request_header + "Access-Control-Allow-Headers": "Content-Type", +} + +export const DEFAULT_HEADERS = { + ...CORS_HEADERS, + "Content-Type": "application/json", +} // CORS headers need to be sent in responses to both preflight ("OPTIONS") and +// actual requests. + +export const STRIPE_API_VERSION = "2023-10-16" diff --git a/functions/donation/donate.ts b/functions/donation/donate.ts index 7c3e089469e..f889599f2aa 100644 --- a/functions/donation/donate.ts +++ b/functions/donation/donate.ts @@ -8,6 +8,7 @@ import { stringifyUnknownError, } from "@ourworldindata/utils" import { Value } from "@sinclair/typebox/value" +import { DEFAULT_HEADERS, CORS_HEADERS } from "./_utils/constants.js" interface DonateEnvVars { ASSETS: Fetcher @@ -19,24 +20,6 @@ const hasDonateEnvVars = (env: any): env is DonateEnvVars => { return !!env.ASSETS && !!env.STRIPE_SECRET_KEY && !!env.RECAPTCHA_SECRET_KEY } -// CORS headers need to be sent in responses to both preflight ("OPTIONS") and -// actual requests. -const CORS_HEADERS = { - "Access-Control-Allow-Origin": "*", - "Access-Control-Allow-Methods": "POST, OPTIONS", - // The Content-Type header is required to allow requests to be sent with a - // Content-Type of "application/json". This is because "application/json" is - // not an allowed value for Content-Type to be considered a CORS-safelisted - // header. - // - https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_request_header - "Access-Control-Allow-Headers": "Content-Type", -} - -export const DEFAULT_HEADERS = { - ...CORS_HEADERS, - "Content-Type": "application/json", -} - // This function is called when the request is a preflight request ("OPTIONS"). export const onRequestOptions: PagesFunction = async () => { return new Response(null, { diff --git a/functions/donation/thank-you.ts b/functions/donation/thank-you.ts index b4843f86a7f..2a8eccefeae 100644 --- a/functions/donation/thank-you.ts +++ b/functions/donation/thank-you.ts @@ -1,5 +1,5 @@ import Stripe from "stripe" -import { DEFAULT_HEADERS } from "./donate.js" +import { DEFAULT_HEADERS, STRIPE_API_VERSION } from "./_utils/constants.js" import { JsonError, stringifyUnknownError } from "@ourworldindata/utils" import { MailgunEnvVars, sendMail } from "./_utils/email.js" @@ -83,7 +83,7 @@ export const onRequestPost: PagesFunction = async ({ ) const stripe = new Stripe(env.STRIPE_SECRET_KEY, { - apiVersion: "2023-10-16", + apiVersion: STRIPE_API_VERSION, maxNetworkRetries: 2, })