Cybersource Developer Community Cybersource Developer Community

evrth · ‎11-06-2015

Howdy,

As I was going through the SIM Implementation Guide (http://www.authorize.net/content/dam/authorize/documents/SIM_guide.pdf) and at the bottom of Page 30, I came across the following note

We do not recommend using frames with the hosted payment form. The hosted payment form is secure; however, the frame determines the presence of the lock icon in the user’s browser, so it will not appear.

What is the reasoning for Auth.Net to recommend against the implementation using an iframe? Aside for (potentially) the lock icon not being displayed. Does this mean Auth.Net will not provide support to such implementations? If there are serious concerns behind this note, why is this tacked on as a margin comment for some example rather than included in the main body of the document?

I am hoping to get someone from Auth.Net to comment on this

Thanks

evrth · ‎11-13-2015

Hi evrth,

As explained in this previous post this is not something that we will normally recommend. If you decide to go this route please make sure that you add an SSL certificate to your site. Please check the post I referenced for detailed explanation.

Thanks,

Joy

cfahey · ‎11-28-2015

Hi evrth (or anyone else),

Did you have success with this aproach?

We fully implemented the Iframe approach using the sandbox gateway, only to discover the production gateway is giving us a sameorigin denial.

The site has an SSL cert (not that has anything to do with the sameorigin issue).

Has anyone else encountered this issue?

Thanks!

- Charles

cfahey · ‎11-28-2015

A little more detail.

When trying to load the Hosted Payment Form in an iFrame, the browser throws:

"Refused to display 'https://secure2.authorize.net/gateway/transact.dll' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'."

Cybersource Developer Community Cybersource Developer Community

SIM iframe integration