https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-Hosted-iFrame-Sandbox-issue-only-Browsers-started/m-p/94735#M58587 <P>UPDATE:&nbsp;I talked with Authorize.Net Support, and they have acknowledged the issue and told me they are working on a fix. However, they were unable to provide a timeline for resolution.</P> Fri, 19 Dec 2025 16:06:41 GMT aacampillo 2025-12-19T16:06:41Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-Hosted-iFrame-Sandbox-issue-only-Browsers-started/m-p/94677#M58559 <P>Urgent Sandbox issue. Our product has been successfully using the Accept Hosted payment method for years now where we embed the form in an iFrame. Recently the Chrome and Edge browsers started enforcing a content security policy that is blocking the action of the hosted form. Is anyone else experiencing this issue? We can't change anything in the embedded form provided by Authorize.Net to avoid the CSP issues, so we are helpless.</P><P>Error from browser console:</P><P>Executing inline script violates the following Content Security Policy directive 'script-src 'self' 'nonce-JPULaiHJBUucGA4TtPGSGA==' blob: https://*.ads-twitter.com https://*.authorize.net https://*.bing.com https://*.ceros.com https://*.contentsquare.com https://*.contentsquare.net https://*.cookiereports.com https://*.doubleclick.net https://*.eloqua.com https://*.en25.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.idio.episerver.net https://*.licdn.com https://*.linkedin.com https://*.optimizely.com https://*.storygize.com https://*.twitter.com https://*.visa.com https://*.youtube.com <A href="https://api.company-target.com" target="_blank">https://api.company-target.com</A> <A href="https://cdn-assets-prod.s3.amazonaws.com" target="_blank">https://cdn-assets-prod.s3.amazonaws.com</A> <A href="https://code.jquery.com" target="_blank">https://code.jquery.com</A> <A href="https://company-target.com" target="_blank">https://company-target.com</A> <A href="https://id.rlcdn.com" target="_blank">https://id.rlcdn.com</A> <A href="https://optimizely.s3.amazonaws.com" target="_blank">https://optimizely.s3.amazonaws.com</A> <A href="https://rlcdn.com" target="_blank">https://rlcdn.com</A> <A href="https://s.company-target.com" target="_blank">https://s.company-target.com</A> <A href="https://scripts.demandbase.com" target="_blank">https://scripts.demandbase.com</A> <A href="https://segments.company-target.com" target="_blank">https://segments.company-target.com</A> <A href="https://storygize.com" target="_blank">https://storygize.com</A> <A href="https://tag-logger.demandbase.com" target="_blank">https://tag-logger.demandbase.com</A> <A href="https://tag.demandbase.com" target="_blank">https://tag.demandbase.com</A> https://&lt;domain&nbsp;and path&gt;/IFrameCommunicator.html'. Either the 'unsafe-inline' keyword, a hash ('sha256-rQFcSQ+uPvBBS36Ebz2AA8DWF5LxdwuQKeLhxEfN+Ec='), or a nonce ('nonce-...') is required to enable inline execution. The action has been blocked.</P><P>This is ONLY happening in the sandbox environments, not in production environments. However, our company replies on these sandbox environments to test and support hundreds of customers, but now we can no longer use them.</P> Sun, 07 Dec 2025 17:35:39 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-Hosted-iFrame-Sandbox-issue-only-Browsers-started/m-p/94677#M58559 aacampillo 2025-12-07T17:35:39Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-Hosted-iFrame-Sandbox-issue-only-Browsers-started/m-p/94735#M58587 <P>UPDATE:&nbsp;I talked with Authorize.Net Support, and they have acknowledged the issue and told me they are working on a fix. However, they were unable to provide a timeline for resolution.</P> Fri, 19 Dec 2025 16:06:41 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-Hosted-iFrame-Sandbox-issue-only-Browsers-started/m-p/94735#M58587 aacampillo 2025-12-19T16:06:41Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-Hosted-iFrame-Sandbox-issue-only-Browsers-started/m-p/95009#M58710 <P>Hi all,&nbsp;</P><P><a href="https://community.developer.cybersource.com/t5/user/viewprofilepage/user-id/33346">@aacampillo</a>&nbsp;have you received any update on the upcoming fix? We continue to see the issue as of today.</P> Mon, 23 Mar 2026 18:23:33 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-Hosted-iFrame-Sandbox-issue-only-Browsers-started/m-p/95009#M58710 NAntiman 2026-03-23T18:23:33Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-Hosted-iFrame-Sandbox-issue-only-Browsers-started/m-p/95011#M58712 <P><a href="https://community.developer.cybersource.com/t5/user/viewprofilepage/user-id/71584">@NAntiman</a>&nbsp;No update yet. I will reach out to them again now that it's been a few months.</P> Mon, 23 Mar 2026 21:17:37 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Accept-Hosted-iFrame-Sandbox-issue-only-Browsers-started/m-p/95011#M58712 aacampillo 2026-03-23T21:17:37Z