- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Same Origin Policy disallows reading the remote resource at https://api.authorize.net/xml/v1/req
โ04-22-2019 09:59 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Would love an answer from Authorize.net on this issue. In my previous post one of the moderators made mention of the developers pushing a fix for something. Was this the fix she was talking about?
@ElaineM If I am correctly assuming that you are seeing what you describe for this known cause, I can advise that our developers are currently working on an enhancement for an upcoming release to address this concern. Although we do not have an ETA for release, we are hopefull it will be soon.
โ04-23-2019 08:20 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Seems like the developers and/or mods are not interested in this issue, or my other issue.
Your support channel is asking us to come here and post, and many of the posts are being ignored. Not a great way to treat your developers at all.
โ04-25-2019 10:03 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I will try to help you when I am killing time. Post your js for the form processing. That's what we need to help you.
โ05-04-2019 08:19 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @Renaissance , I appreciate you reaching out. Here's the code we're running, pretty much a direct copy/paste from their documentation. The exception being we are running this code inside jquery validate.
$("form[name=checkoutStep3]").validate({ rules: {...}, messages: {...}, errorPlacement: function(error, element) {...}, submitHandler: function(form) { // disable button and change text to please wait $("button[type=submit]").prop("disabled",true).text("Please Wait..."); // build the data needed to send to authnet var authData = {}; authData.clientKey = document.getElementById("CLIENT_KEY").value; authData.apiLoginID = document.getElementById("API_LOGIN_ID").value; var cardData = {}; cardData.cardNumber = document.getElementById("USER_CARD_NUMBER").value.replace(/\s+/g, ''); cardData.month = document.getElementById("USER_CARD_EXPIRATION_MONTH").value; cardData.year = document.getElementById("USER_CARD_EXPIRATION_YEAR").value; cardData.cardCode = document.getElementById("USER_CARD_CVV_CODE").value; var secureData = {}; secureData.authData = authData; secureData.cardData = cardData; // send data to authnet Accept.dispatchData(secureData, 'handleAuthnetResponse'); // function to handle the response window.handleAuthnetResponse = function(response) { // if there is an error in the response if (response.messages.resultCode === "Error") { var i = 0; while (i < response.messages.message.length) { //console.log(response.messages.message[i].code + ": " + response.messages.message[i].text); // alert out the error to the user alert("Error: " + response.messages.message[i].text); i = i + 1; } // Put the button back to the starting state $("button[type=submit]").prop("disabled",false).text("Continue To Review"); }
else{
paymentFormUpdate(response.opaqueData);
}
} // function to update the form with the data descriptor and value coming from authnet function paymentFormUpdate(opaqueData) { // get the data descriptor and value document.getElementById("DATA_DESCRIPTOR").value = opaqueData.dataDescriptor; document.getElementById("DATA_VALUE").value = opaqueData.dataValue; // remove values from form document.getElementById("USER_CARD_NUMBER").value = ""; document.getElementById("USER_CARD_EXPIRATION_MONTH").value = ""; document.getElementById("USER_CARD_EXPIRATION_YEAR").value = ""; document.getElementById("USER_CARD_CVV_CODE").value = ""; form.submit(); } } });
Because of some old posts I read dealing with CORS issues (see here), you'll see this (callback function is in quotes)...
Accept.dispatchData(secureData, 'handleAuthnetResponse');
and this (window.handleAuthnetResponse)...
window.handleAuthnetResponse = function(response) {
instead of this...
Accept.dispatchData(secureData, handleAuthnetResponse);
and this...
function handleAuthnetResponse(response) {
I didn't see any improvement in terms of the frequency in which we see these CORS issues, but it was worth a shot. At the moment we're seeing maybe a couple per day out of ~300 transactions using this form.
โ05-07-2019 09:59 AM - edited โ05-07-2019 10:03 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I will have to look at this. Getting breakfast now. I canโt help but wonder if your modification of the script has something to do with it. I have no idea what, until I look at this a little more. If it was something with anet I would imagine there would be dozens of posts like this every week.
It looks like the primary use of the jquery is to disable the submit button. I would expect a.net has it built in to prevent duplicate transactions. Maybe in the short term you could try using an unmodified script. Also- these 300 per day transactions are happening on the same network?
โ05-07-2019 10:14 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @Renaissance, again, I sincerely appreciate your help.
jQuery is used to validate the form. We have a question inside this form which asks for their profession. So we validate to make sure that question is answered. I could remove jQuery validate and just do it inline, if you feel that is somehow causing an issue.
I have ran this script both with and without disabling the button, it didn't seem to change anything. We have a lot of double clickers, so it's something we've had to do site-wide. My fear is that once dispatchData is ran (on one click) another click would cause it to run again which would cause problems. But I'm not opposed to removing that also.
Yes, all of those transactions are happening on the same network. However we do use AWS load balancing so they are not all coming from the same server.
The thing that is very peculiar to me is the message "Cross-Origin Request Blocked" and it's almost like dispatchData never comes back with the token. We have some very advanced logging in place now (because of all of this mess) and we can tell when we do and do not get a response. It's like authnet's server is rejecting the request from it's own function. Here is a screencap of a console.log message where this happened yesterday... https://i.imgur.com/0a76Ogf.png
โ05-07-2019 11:20 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yeah CORS is related to the domains and the browser. I am wondering if it may be browser specific. It is odd that you are getting only 1% or 2% of your transactions doing this. I am still at a loss for what is happening exactly, but I think that a good step might be to do some systematic testing. Find out the browser version each person is using when this happens and try to recreate the event. Iโve still yet to look at your code in depth. Been busy.
โ05-12-2019 10:24 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am having a very similar problem to this. Has there been any traction on this?
โ10-29-2019 12:21 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ11-04-2019 05:15 AM