developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

The target origin provided ('our domain') does not match the recipient window's origin ('auth.net do

We are having the same issue as in this post: https://community.developer.authorize.net/t5/Integration-and-Testing/AUthorize-net-hosted-payment-pa...

 

From reading that post, we have tried applying the content-security-policy via web.config file (asp.net/IIS) is not working. We are passing a paymentProfileId in the token.

 

  • We are still seeing the error in the console.
    • Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('our domain') does not match the recipient window's origin ('auth.net domain')
  • The payment gets cut off and is not the correct size so you cannot see all of the fields.
  • The purchase window does not close after a purchase.

Example of web.config:


<httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="frame-ancestors 'self' https://localhost:44300 *.ourdomain.com *.authorize.net" />
</customHeaders>
</httpProtocol>


We have even tried with the Content-Security-Policy-Report-Only but still no luck, it acts the same. 

 

What can we do when the content-security-policy is not working?

jfkrueger
Contributor

‎02-15-2021 01:43 PM

0 Kudos
4 REPLIES 4

Hello,

 

Try the following in your Web.config

<system.webServer>
  <httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="frame-ancestors 'self' *.YOUR_WEBSITE.com *.authorize.net;" />
</customHeaders>
</httpProtocol>
</system.webServer>
Powered by NexWebSites.com -
Certified Authorize.net developers
NexusSoftware
Trusted Contributor

‎02-16-2021 03:42 AM

0 Kudos

I'm pretty sure we've tried that but let me give it another go and post back, thank you for the suggestion!

jfkrueger
Contributor
In response to NexusSoftware

‎02-23-2021 08:42 AM

0 Kudos

No dice, still does not work. I find it odd that it doesn't work with the report-only option. Does anyone know of a setting within IIS that would be overriding the web.config?

jfkrueger
Contributor
In response to jfkrueger

‎03-26-2021 01:12 PM

0 Kudos

Sometimes this error is the result of a target window that has not finished loading.

 

The basic syntax to check that the target frame has loaded would be :

const iframe = document.getElementById("pay_frame");
iframe.addEventListener("load", function() {

// Continue to display the content ... 
});

For IIS, to disable inheritance in child applications, wrap the configuration block in a:

<location path="." inheritInChildApplications="false">
<system.webServer>
  <httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="frame-ancestors 'self' *.YOUR_WEBSITE.com *.authorize.net;" />
</customHeaders>
</httpProtocol>
</system.webServer>
</location>

 

Powered by NexWebSites.com -
Certified Authorize.net developers
NexusSoftware
Trusted Contributor
In response to jfkrueger

‎03-26-2021 02:25 PM - edited ‎03-26-2021 02:30 PM

0 Kudos
Copyright © 2024 Khoros, LLC