cancel
Showing results for 
Search instead for 
Did you mean: 

SIM iframe integration

Howdy,

 

As I was going through the SIM Implementation Guide (http://www.authorize.net/content/dam/authorize/documents/SIM_guide.pdf) and at the bottom of Page 30, I came across the following note

We do not recommend using frames with the hosted payment form. The hosted payment form is secure; however, the frame determines the presence of the lock icon in the user’s browser, so it will not appear.

What is the reasoning for Auth.Net to recommend against the implementation using an iframe? Aside for (potentially) the lock icon not being displayed. Does this mean Auth.Net will not provide support to such implementations? If there are serious concerns behind this note, why is this tacked on as a margin comment for some example rather than included in the main body of the document?

 

I am hoping to get someone from Auth.Net to comment on this

 

Thanks

evrth
Member
3 REPLIES 3

 

Hi evrth,

 

As explained in this previous post this is not something that we will normally recommend. If you decide to go this route please make sure that you add an SSL certificate to your site. Please check the post I referenced for detailed explanation.

 

Thanks,

Joy

Joy
Administrator Administrator
Administrator

Hi evrth (or anyone else),

 

Did you have success with this aproach?

 

We fully implemented the Iframe approach using the sandbox gateway, only to discover the production gateway is giving us a sameorigin denial.

 

The site has an SSL cert (not that has anything to do with the sameorigin issue).

 

Has anyone else encountered this issue?

 

Thanks!

 

- Charles

cfahey
Member

A little more detail.

 

When trying to load the Hosted Payment Form in an iFrame, the browser throws:

 

"Refused to display 'https://secure2.authorize.net/gateway/transact.dll' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'."