03-28-2018 07:01 AM
I m getting this issue on Chrome in Authorize.Net Accept Hosted form but wrk in firefox
Refused to display 'https://mysiteurl.com/scripts/IFrameCommunicator.html#action=resizeWindow&width=1000&height=301' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
pls help on this what can i do ?
09-12-2018 04:21 PM
Your browser isn't allowing the iframe communicator page to be loaded in an iFrame because your server's webserver (apache or nginx probably) is setting a response header indicating that shouldn't be allowed.
Specifically, the webserver is setting the "X-Frame-Options" header to be "sameorigin", which means the browser should only load its content in an iframe if the referring page is also on "mysiteurl.com"... and because the iframe communicator page is being loaded in an iframe inside the authorize.net page (which was loaded as an iframe on your page) the iframe communicator page is not on the same domain as the authorize.net page.
The solution is to prevent your webserver from setting that header, or set it to allow requests from authorize.net. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options, especially where it says how to configure Apache or nginx to set the header.
If anyone knows of an easier fix, I'm all ears. But so far that's the best I can find.
08-27-2021 12:57 AM