Node.js web payments cannot run in production

Questions
1

All, Bryan,

I am trying to get my Node.js web SDK implementation into production. I’ve come to the conclusion that it is not possible. The issue main issue is that the main site has to be https. When you start node, you start a tcp listener on port 3000 (usually 3000 but not always but note not tcps). The issue is in the /payment call. The call needs to be ‘http://yoursite:3000/payment’ but you end getting a CORS or mixed type failure. In other words, the https site cannot make the required http call.

In the sandbox all is good because it’s all ‘http://localhost:3000’ so all the calls are fine. For instance, the /payment call is ‘http://localhost:3000/paymnet’. In real life, this is not the case. Since we have to have the main site listening for SSL connections we can’t start node.js to listen on port 443.

So this leads to a couple qustions:
1 - Can the site be http? (I’m almost 100% sure the answer is no but I’m only using the pay site in a client app and in a hosted web page)
2 - Does anyone know of a workaround for the https site to call the http:3000
3 - Is there an https option/tutorial that talks about how to do this.
4 - Note, the migration instruction on the site is inaccurate. It should probably be taken down as it’s wrong. Just my opinion.

Any help or insight is greatly appreciated.

Thanks,

Jeff

2

:wave: I’m Square Dev AI, here to help answer your question!
Based on the information you’ve provided, the following documentation will help answer your question:

Additional Documentation

TLS and HTTPS
Postman
Square Node.js SDK Quickstart

If this documentation helped you find a solution, please check the box indicating that this reply solves the problem.
Otherwise one of our Developer Advocates will provide additional assistance shortly.

4

Hi Jeff,

To answer your questions:

  1. No, the site cannot be HTTP. All API calls to Square endpoints must be served over HTTPS for security reasons.

  2. To make calls from an HTTPS site to your Node.js server running on HTTP, you would need to set up a reverse proxy. This would involve setting up a web server like Nginx or Apache, which can accept HTTPS connections and then forward the requests to your Node.js server running on HTTP.

  3. To run your Node.js server over HTTPS, you would need to create an HTTPS server in your Node.js application. This involves obtaining an SSL certificate and configuring your Node.js application to use this certificate. There are many tutorials available online that can guide you through this process.

  4. Thank you for your feedback on the migration instructions. We always strive to provide accurate and helpful documentation, and we appreciate your input.

Remember, it’s important to keep your server secure when handling payments. Always ensure that your server is configured correctly and that all communication is encrypted using HTTPS.

This answer was reviewed by @Bryan-Square.