Reply
All Star
Posts: 699
Registered: ‎11-03-2016

Re: AUthorize.net hosted payment page not working in Chrome Version 60

Thanks @debasishbose2k@NexusSoftware, and everyone else on this thread for sharing your experiences. We've got a good understanding of the challenges now. From a documentation perspective, we'll try to come up with ways to help people understand the ins and outs of frame security and give some recommendations. We also have engineers looking at what possible solutions we can implement on our end.

 

Again, thanks!

Member
Posts: 1
Registered: ‎08-21-2017

Re: AUthorize.net hosted payment page not working in Chrome Version 60

Hi,

 

Thanks for posting the solution.

I have a question related to this. Since X-Frames is deprecated, does CSP server the same purpose from other servers to not allow framing.

All Star
Posts: 699
Registered: ‎11-03-2016

Re: AUthorize.net hosted payment page not working in Chrome Version 60

Hi @vallapus,

 

It's my understanding that it does, but it may not be as simple as just replacing one header with another, depending on which browsers you're trying to support. You may have to determine whether your targeted browsers all support the aspects of CSP that you want, and if not, come up with some hybrid approach.

Regular Contributor
Posts: 69
Registered: ‎03-21-2017

Re: AUthorize.net hosted payment page not working in Chrome Version 60

@Aaron,

 

We are also facing same issue.

 

Could you please update the implementation document with some proper hybrid approach.

Also it would be helpful if authorize.net publish this on news and update page.

 

I will try with the solution suggested by @NexusSoftware and come up with result.

All Star
Posts: 699
Registered: ‎11-03-2016

Re: AUthorize.net hosted payment page not working in Chrome Version 60

Hi @raviparmarce88,

 

Thanks for the input.

 

This isn't really a problem specific to us, but to anyone using any CSP headers or X-Frame-Options on their sites. If you don't use those headers, there's no problems with our forms, and if you do, you will run into different behavior on newer browsers when you start getting into frames within frames like this, whether we're involved or not.

 

If someone runs into that problem with our services, we still want to help them as much as we can, though. I'll make sure we at least address this in our developer FAQ, although a blog post would be a good idea. I'd like to encourage more people to think about security anyway, so a blog post walking someone through the "right" way to lock down our frames would definitely be useful.

Member
Posts: 4
Registered: ‎03-28-2018

Re: AUthorize.net hosted payment page not working in Chrome Version 60

 i m also getting same error on Chrome browzer..

 

Refused to display 'https://mysiteurl.com/scripts/IFrameCommunicator.html#action=resizeWindow&width=736&height=401' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
15:20:54.600

 

 

Any Sloution on this...