Reply
Highlighted
Member
Posts: 4
Registered: ‎03-28-2018

Sameorigin issue

I m getting this issue on Chrome in  Authorize.Net Accept Hosted form but wrk in firefox

 

Refused to display 'https://mysiteurl.com/scripts/IFrameCommunicator.html#action=resizeWindow&width=1000&height=301' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

 

pls help  on this what can i do ?

Highlighted
Member
Posts: 7
Registered: ‎03-07-2018

Re: Sameorigin issue

Your browser isn't allowing the iframe communicator page to be loaded in an iFrame because your server's webserver (apache or nginx probably) is setting a response header indicating that shouldn't be allowed.

 

Specifically, the webserver is setting the "X-Frame-Options" header to be "sameorigin", which means the browser should only load its content in an iframe if the referring page is also on "mysiteurl.com"... and because the iframe communicator page is being loaded in an iframe inside the authorize.net page (which was loaded as an iframe on your page) the iframe communicator page is not on the same domain as the authorize.net page.

 

The solution is to prevent your webserver from setting that header, or set it to allow requests from authorize.net. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options, especially where it says how to configure Apache or nginx to set the header.

 

If anyone knows of an easier fix, I'm all ears. But so far that's the best I can find.