I'm developing a website in React using create-react-app. I'm using an external script for some features relating to credit card payment (Clover in this case). This script adds iframes to the page which themselves load some additional resources from the same domain such as other scripts and stylesheets. This all works fine. However in development when this script attempts to create a token to process payment, it calls another subdomain and I get the following error:
Access to fetch at 'https://token-sandbox.dev.clover.com/v1/tokens' from origin 'https://checkout.sandbox.dev.clover.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I tried proxying the first script using http-proxy-middleware but then all the loading of additional resources are relative and fail since they now point to localhost.
Answering myself in case anyone ever stumbles upon this.
Turns out this error was not due to my own code, but is an error in the Clover hosted iframe integration, which sometimes errors out when an input isn't to its liking such as a name without last name or a malformatted postal code. The iframe can throw errors normally which you can catch and show, but those seem to be actual bugs or aren't handled properly on the Clover side of things, and end up throwing this confusing error which has nothing to do with the problem. Fiddling with the inputs will usually make it work eventually.