Missing or Invalid Token and multiple charges using Accept Hosted
Not sure where to start here but will describe the environment and then the issue our customer is experiencing.
The integration/gateway method we are using is Accept Hosted and the environment is a Windows 2012R2 server with a Classic ASP eCommerce software. The payment page (credit card entry) is set to popup in a modal iframe.
Worth mentioning... in order to get this gateway to function, we had to remove the HTTP Response header [X-Frame-Options SAMEORIGIN] and replace it with [Content-Security-Policy frame-ancestors 'self' *.authorize.net]. On domain-specific sites, we also add *.thedomain.com to the Content-Security-Policy value.
----- -----
Issue 1) Intermittently we are getting the message [Missing or Invalid Token]. This does not happen every time but is frequent enough to be of concern. One of the common fixes I have found in other forum threads was ensuring that the code in the js file that effectively deletes the token when displaying the form was commented out, which we have done. That line of code is shown below:
Beyond this, we are lost as to why this only happens intermittently.
This issue also only happens occasionally where a customer tries placing their order multiple times and ends up getting charged multiple times as well but, and this is odd, only one of the orders gets a confirmation and the others go into the incomplete orders area. With Accept Hosted, since this is a hosted payment page, this should not even be possible in our view.
This may or may not be related to Accept Hosted directly but there is the occasion where a customer tries multiple times to place an order and it does not go through so those orders will end up in our 'incomplete orders' area as expected BUT, one of those attempts will show in Authorized and Pending but does not ever actually get authorized or charged/captured in the batch.
We recently, and tragically, lost our developer/integrator who was working on this integration. I have only a cursory understanding of this integration and the code involved, so accept my apology for my layman's explanation of the issues we are having. Hoping someone in the community here might be able to point me in a direction to help get to the root cause.
I can provide any code samples requested for review.
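
An added example, not part of the original post or of Authorize.net's code: a simplified evaluator for the frame-ancestors value quoted in the post, showing which embedding origins that header admits for a page that sends it. The page URL and the sub.authorize.net host used with it are constructed sample values.

```javascript
// Added example: simplified check of one embedding (ancestor) origin against
// a CSP frame-ancestors directive. Handles 'self', 'none', '*' and host-sources
// with an optional scheme and a leading "*." wildcard; ports and paths are
// ignored. Browsers apply the check to every ancestor in the frame chain.

function hostMatches(pattern, host) {
  if (pattern.startsWith("*.")) {
    const suffix = pattern.slice(1); // ".authorize.net"
    // Wildcard covers subdomains only, never the bare apex domain.
    return host.length > suffix.length && host.endsWith(suffix);
  }
  return host === pattern;
}

function schemeMatches(sourceScheme, ancestorScheme, pageScheme) {
  // A host-source without a scheme inherits the protected page's scheme;
  // an http expectation is also satisfied by https.
  const wanted = sourceScheme || pageScheme;
  return ancestorScheme === wanted ||
    (wanted === "http" && ancestorScheme === "https");
}

function frameAncestorsAllows(policy, pageUrl, ancestorUrl) {
  const page = new URL(pageUrl);
  const ancestor = new URL(ancestorUrl);
  const directive = policy.split(";").map((d) => d.trim().split(/\s+/))
    .find((d) => d[0].toLowerCase() === "frame-ancestors");
  if (!directive) return true; // no directive: CSP places no framing limit
  const scheme = (u) => u.protocol.slice(0, -1);
  return directive.slice(1).some((src) => {
    if (src === "'none'") return false;
    if (src === "'self'") return ancestor.origin === page.origin;
    if (src === "*") return /^https?$/.test(scheme(ancestor));
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(src);
    return m !== null &&
      schemeMatches(m[1] ? m[1].toLowerCase() : null, scheme(ancestor), scheme(page)) &&
      hostMatches(m[2].toLowerCase(), ancestor.hostname);
  });
}

// Policy value quoted in the post; the page URL is a constructed sample.
const POLICY = "frame-ancestors 'self' *.authorize.net";
const PAGE = "https://shop.example.com/checkout.asp";
```

With this policy a subdomain of authorize.net over HTTPS and the site's own origin may frame the page, while the bare apex domain, a plain-HTTP parent and a lookalike host such as authorize.net.example.org may not.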