<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Sameorigin issue in Integration and Testing</title>
    <link>https://community.developer.cybersource.com/t5/Integration-and-Testing/Sameorigin-issue/m-p/64492#M38373</link>
    <description>&lt;P&gt;Your browser isn't allowing the iframe communicator page to be loaded in an iFrame because your server's webserver (Apache or nginx probably) is setting a response header indicating that shouldn't be allowed.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Specifically, the webserver is setting the "X-Frame-Options" header to be "sameorigin", which means the browser should only load its content in an iframe if the referring page is also on "mysiteurl.com"... and because the iframe communicator page is being loaded in an iframe inside the authorize.net page (which was loaded as an iframe on your page) the iframe communicator page is not on the same domain as the authorize.net page.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The solution is to prevent your webserver from setting that header, or set it to allow requests from authorize.net. See &lt;A href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options" target="_blank"&gt;https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options&lt;/A&gt;, especially where it says how to configure Apache or nginx to set the header.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;If anyone knows of an easier fix, I'm all ears. But so far that's the best I can find.&lt;/P&gt;</description>
    <pubDate>Wed, 12 Sep 2018 23:21:15 GMT</pubDate>
    <dc:creator>eventespresso</dc:creator>
    <dc:date>2018-09-12T23:21:15Z</dc:date>
    <item>
      <title>Sameorigin issue</title>
      <link>https://community.developer.cybersource.com/t5/Integration-and-Testing/Sameorigin-issue/m-p/62367#M36705</link>
      <description>&lt;P&gt;I'm getting this issue on Chrome in the Authorize.Net Accept Hosted form, but it works in Firefox.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Refused to display '&lt;A href="https://mysiteurl.com/scripts/IFrameCommunicator.html#action=resizeWindow&amp;amp;width=1000&amp;amp;height=301" target="_blank"&gt;https://mysiteurl.com/scripts/IFrameCommunicator.html#action=resizeWindow&amp;amp;width=1000&amp;amp;height=301&lt;/A&gt;' in a frame because it set 'X-Frame-Options' to 'sameorigin'.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Please help with this. What can I do?&lt;/P&gt;</description>
      <pubDate>Wed, 28 Mar 2018 14:01:45 GMT</pubDate>
      <guid>https://community.developer.cybersource.com/t5/Integration-and-Testing/Sameorigin-issue/m-p/62367#M36705</guid>
      <dc:creator>ioiki</dc:creator>
      <dc:date>2018-03-28T14:01:45Z</dc:date>
    </item>
    <item>
      <title>Re: Sameorigin issue</title>
      <link>https://community.developer.cybersource.com/t5/Integration-and-Testing/Sameorigin-issue/m-p/64492#M38373</link>
      <description>&lt;P&gt;Your browser isn't allowing the iframe communicator page to be loaded in an iFrame because your server's webserver (Apache or nginx probably) is setting a response header indicating that shouldn't be allowed.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Specifically, the webserver is setting the "X-Frame-Options" header to be "sameorigin", which means the browser should only load its content in an iframe if the referring page is also on "mysiteurl.com"... and because the iframe communicator page is being loaded in an iframe inside the authorize.net page (which was loaded as an iframe on your page) the iframe communicator page is not on the same domain as the authorize.net page.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The solution is to prevent your webserver from setting that header, or set it to allow requests from authorize.net. See &lt;A href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options" target="_blank"&gt;https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options&lt;/A&gt;, especially where it says how to configure Apache or nginx to set the header.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;If anyone knows of an easier fix, I'm all ears. But so far that's the best I can find.&lt;/P&gt;</description>
      <pubDate>Wed, 12 Sep 2018 23:21:15 GMT</pubDate>
      <guid>https://community.developer.cybersource.com/t5/Integration-and-Testing/Sameorigin-issue/m-p/64492#M38373</guid>
      <dc:creator>eventespresso</dc:creator>
      <dc:date>2018-09-12T23:21:15Z</dc:date>
    </item>
    <item>
      <title>Re: Sameorigin issue</title>
      <link>https://community.developer.cybersource.com/t5/Integration-and-Testing/Sameorigin-issue/m-p/78217#M49109</link>
      <description>&lt;P&gt;X-Frame-Options is a header included in the response to the request to state if the domain requested will allow itself to be displayed within a frame. It has nothing to do with &lt;A href="http://net-informations.com/js/iq/default.htm" target="_self"&gt;JavaScript&lt;/A&gt; or HTML, and cannot be changed by the originator of the request. You can't set X-Frame-Options on the iframe. That is a response header set by the domain from which you are requesting the resource. They have set the header to SAMEORIGIN in this case, which means that they have disallowed loading of the resource in an iframe outside of their domain. So you cannot embed their website into yours. When browsers see that the response header contains X-Frame-Options: SAMEORIGIN, they check your domain and block the rendering of the &amp;lt;iframe&amp;gt;. It is a security measure to avoid clickjacking.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 27 Aug 2021 07:57:38 GMT</pubDate>
      <guid>https://community.developer.cybersource.com/t5/Integration-and-Testing/Sameorigin-issue/m-p/78217#M49109</guid>
      <dc:creator>leneborma</dc:creator>
      <dc:date>2021-08-27T07:57:38Z</dc:date>
    </item>
  </channel>
</rss>

