Reply
Member
Posts: 4
Registered: ‎04-02-2015

SIM iframe integration

Howdy,

 

As I was going through the SIM Implementation Guide (http://www.authorize.net/content/dam/authorize/documents/SIM_guide.pdf) and at the bottom of Page 30, I came across the following note

We do not recommend using frames with the hosted payment form. The hosted payment form is secure; however, the frame determines the presence of the lock icon in the user’s browser, so it will not appear.

What is the reasoning for Auth.Net to recommend against the implementation using an iframe? Aside for (potentially) the lock icon not being displayed. Does this mean Auth.Net will not provide support to such implementations? If there are serious concerns behind this note, why is this tacked on as a margin comment for some example rather than included in the main body of the document?

 

I am hoping to get someone from Auth.Net to comment on this

 

Thanks

Administrator Administrator
Administrator
Posts: 563
Registered: ‎08-03-2011

Re: SIM iframe integration

 

Hi evrth,

 

As explained in this previous post this is not something that we will normally recommend. If you decide to go this route please make sure that you add an SSL certificate to your site. Please check the post I referenced for detailed explanation.

 

Thanks,

Joy

Member
Posts: 6
Registered: ‎11-28-2015

Re: SIM iframe integration

[ Edited ]

Hi evrth (or anyone else),

 

Did you have success with this aproach?

 

We fully implemented the Iframe approach using the sandbox gateway, only to discover the production gateway is giving us a sameorigin denial.

 

The site has an SSL cert (not that has anything to do with the sameorigin issue).

 

Has anyone else encountered this issue?

 

Thanks!

 

- Charles

Member
Posts: 6
Registered: ‎11-28-2015

Re: SIM iframe integration

A little more detail.

 

When trying to load the Hosted Payment Form in an iFrame, the browser throws:

 

"Refused to display 'https://secure2.authorize.net/gateway/transact.dll' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'."