- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SIM iframe integration
Howdy,
As I was going through the SIM Implementation Guide (http://www.authorize.net/content/dam/authorize/documents/SIM_guide.pdf) and at the bottom of Page 30, I came across the following note
We do not recommend using frames with the hosted payment form. The hosted payment form is secure; however, the frame determines the presence of the lock icon in the userโs browser, so it will not appear.
What is the reasoning for Auth.Net to recommend against the implementation using an iframe? Aside for (potentially) the lock icon not being displayed. Does this mean Auth.Net will not provide support to such implementations? If there are serious concerns behind this note, why is this tacked on as a margin comment for some example rather than included in the main body of the document?
I am hoping to get someone from Auth.Net to comment on this
Thanks
โ11-06-2015 08:25 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi evrth,
As explained in this previous post this is not something that we will normally recommend. If you decide to go this route please make sure that you add an SSL certificate to your site. Please check the post I referenced for detailed explanation.
Thanks,
Joy
โ11-13-2015 02:48 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi evrth (or anyone else),
Did you have success with this aproach?
We fully implemented the Iframe approach using the sandbox gateway, only to discover the production gateway is giving us a sameorigin denial.
The site has an SSL cert (not that has anything to do with the sameorigin issue).
Has anyone else encountered this issue?
Thanks!
- Charles
โ11-28-2015 10:49 AM - edited โ11-28-2015 10:50 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A little more detail.
When trying to load the Hosted Payment Form in an iFrame, the browser throws:
"Refused to display 'https://secure2.authorize.net/gateway/transact.dll' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'."
โ11-28-2015 11:41 AM