Integration and Testing

Authorize.Net API questions and help with your payment integration.

Reply
Member
Posts: 5
Registered: ‎09-15-2015

Content-Security-Policy Woes

It seems like the latest Chrome update broke our Accept Hosted integration -- opening iFrameCommunicator.html to display the payment method form.

 

We're now getting the error:

 

Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.[site].com') does not match the recipient window's origin ('https://accept.authorize.net').

 

Even though content-security policy is set and includes:

 

frame-ancestors 'self'  *.[site].com *.authorize.net;

 

I've run verifications on content-security-policy, all is valid there.