cancel
Showing results for 
Search instead for 
Did you mean: 

Content-Security-Policy Woes

It seems like the latest Chrome update broke our Accept Hosted integration -- opening iFrameCommunicator.html to display the payment method form.

 

We're now getting the error:

 

Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.[site].com') does not match the recipient window's origin ('https://accept.authorize.net').

 

Even though content-security policy is set and includes:

 

frame-ancestors 'self'  *.[site].com *.authorize.net;

 

I've run verifications on content-security-policy, all is valid there.

obsidianreq
Member
0 REPLIES 0