11-06-2015 08:25 AM
As I was going through the SIM Implementation Guide (http://www.authorize.net/content/dam/authorize/documents/SIM_guide.pdf) and at the bottom of Page 30, I came across the following note
We do not recommend using frames with the hosted payment form. The hosted payment form is secure; however, the frame determines the presence of the lock icon in the user’s browser, so it will not appear.
What is the reasoning for Auth.Net to recommend against the implementation using an iframe? Aside for (potentially) the lock icon not being displayed. Does this mean Auth.Net will not provide support to such implementations? If there are serious concerns behind this note, why is this tacked on as a margin comment for some example rather than included in the main body of the document?
I am hoping to get someone from Auth.Net to comment on this
11-13-2015 02:48 PM
11-28-2015 10:49 AM - edited 11-28-2015 10:50 AM
Hi evrth (or anyone else),
Did you have success with this aproach?
We fully implemented the Iframe approach using the sandbox gateway, only to discover the production gateway is giving us a sameorigin denial.
The site has an SSL cert (not that has anything to do with the sameorigin issue).
Has anyone else encountered this issue?
11-28-2015 11:41 AM
A little more detail.
When trying to load the Hosted Payment Form in an iFrame, the browser throws:
"Refused to display 'https://secure2.authorize.net/gateway/transact.dll' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'."