Hosted accept not working now server enforces X-Frame-Options: SAMEORIGIN

Hi,

We use the hosted accept to accept a payment, as per https://developer.authorize.net/api/reference/features/accept-hosted.html and https://github.com/AuthorizeNet/accept-sample-app 

This used to work absolutely fine. However, we have now configured the webserver to enforce these headers:

  • HSTS

  • X-Content-Type-Options set with a static value of nosniff on all routes.

  • X-Frame-Options: SAMEORIGIN to cover the CSP for frame-busting.

  • X-XSS-Protection "1; mode=block"

The hosted accept handshake is failing with the browser displaying:

chromewebdata/:1 Refused to display 'https://nyu-langone-ce.staging.cm-hosting.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Is there any solution to this?

Many thanks

Nick

inkeyes
Contributor
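The error quoted above is the merchant's own page being refused in a frame: in the Accept Hosted flow the Authorize.net hosted payment page loads the merchant's communicator page in an iframe, so a site-wide X-Frame-Options: SAMEORIGIN blocks that one cross-origin embed. The following is an added example, not code from the post or from the Authorize.net sample app: a per-route header policy that keeps every hardening header from the post and swaps SAMEORIGIN for a CSP frame-ancestors allow-list on the communicator route only, plus a small function that mirrors the browser's framing decision so the two configurations can be compared. The communicator path, the HSTS value and the two Authorize.net hosted-page origins are assumptions.

```javascript
// Constructed example; the path, HSTS value and Authorize.net origins are assumptions.
const COMMUNICATOR_PATH = '/IFrameCommunicator.html';
const HOSTED_PAGE_ORIGINS = ['https://test.authorize.net', 'https://accept.authorize.net'];

// Response headers for one route. Every route keeps the hardening from the post;
// only the communicator page, which the hosted payment page must frame cross-origin,
// replaces SAMEORIGIN with an explicit allow-list of the framing origins.
function securityHeaders(path) {
  const headers = {
    'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', // assumed value
    'X-Content-Type-Options': 'nosniff',
    'X-XSS-Protection': '1; mode=block',
  };
  if (path === COMMUNICATOR_PATH) {
    // X-Frame-Options cannot name foreign origins, so it is omitted on this route
    // and frame-ancestors carries the restriction instead.
    headers['Content-Security-Policy'] = `frame-ancestors ${HOSTED_PAGE_ORIGINS.join(' ')}`;
  } else {
    headers['X-Frame-Options'] = 'SAMEORIGIN';
    headers['Content-Security-Policy'] = "frame-ancestors 'self'";
  }
  return headers;
}

// Mirrors the browser's decision for a page at pageOrigin embedded by embedderOrigin:
// a frame-ancestors directive takes precedence, then X-Frame-Options, else allowed.
function isFramingAllowed(headers, embedderOrigin, pageOrigin) {
  const csp = headers['Content-Security-Policy'] || '';
  const directive = csp
    .split(';')
    .map((d) => d.trim())
    .find((d) => d.startsWith('frame-ancestors'));
  if (directive) {
    return directive.split(/\s+/).slice(1).some((src) => {
      if (src === "'self'") return embedderOrigin === pageOrigin;
      if (src === "'none'") return false;
      return src === embedderOrigin; // literal origin in the allow-list
    });
  }
  const xfo = (headers['X-Frame-Options'] || '').toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return embedderOrigin === pageOrigin;
  return true;
}
```

Checking each response with isFramingAllowed reproduces the post's failure for the global SAMEORIGIN policy and confirms that the per-route policy admits only the hosted-page origins on the communicator route while every other route stays same-origin only.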