The Same Origin Policy disallows reading the remote resource at https://api.authorize.net/xml/v1/req

Would love an answer from Authorize.net on this issue. In my previous post one of the moderators made mention of the developers pushing a fix for something. Was this the fix she was talking about?

---

@ElaineM If I am correctly assuming that you are seeing what you describe for this known cause, I can advise that our developers are currently working on an enhancement for an upcoming release to address this concern. Although we do not have an ETA for release, we are hopefull it will be soon. 

---

Seems like the developers and/or mods are not interested in this issue, or my other issue.

Your support channel is asking us to come here and post, and many of the posts are being ignored. Not a great way to treat your developers at all.

@hojo 

I will try to help you when I am killing time.  Post your js for the form processing. That's what we need to help you.  

Thanks @Renaissance , I appreciate you reaching out. Here's the code we're running, pretty much a direct copy/paste from their documentation. The exception being we are running this code inside jquery validate.

$("form[name=checkoutStep3]").validate({
   rules: {...},
   messages: {...},
   errorPlacement: function(error, element) {...},
   submitHandler: function(form) {

       // disable button and change text to please wait
       $("button[type=submit]").prop("disabled",true).text("Please Wait...");   

       // build the data needed to send to authnet
       var authData = {};
           authData.clientKey = document.getElementById("CLIENT_KEY").value;
           authData.apiLoginID = document.getElementById("API_LOGIN_ID").value;
       var cardData = {};
           cardData.cardNumber = document.getElementById("USER_CARD_NUMBER").value.replace(/\s+/g, '');
           cardData.month = document.getElementById("USER_CARD_EXPIRATION_MONTH").value;
           cardData.year = document.getElementById("USER_CARD_EXPIRATION_YEAR").value;
           cardData.cardCode = document.getElementById("USER_CARD_CVV_CODE").value;
       var secureData = {};
           secureData.authData = authData;
           secureData.cardData = cardData;

       // send data to authnet
       Accept.dispatchData(secureData, 'handleAuthnetResponse');

       // function to handle the response
       window.handleAuthnetResponse = function(response) {

           // if there is an error in the response
           if (response.messages.resultCode === "Error") {

               var i = 0;

               while (i < response.messages.message.length) {

                   //console.log(response.messages.message[i].code + ": " + response.messages.message[i].text);

                   // alert out the error to the user
                   alert("Error: " + response.messages.message[i].text);

                   i = i + 1;

               }

               // Put the button back to the starting state
               $("button[type=submit]").prop("disabled",false).text("Continue To Review");

           }
           else{

              paymentFormUpdate(response.opaqueData);

           }


       }

       // function to update the form with the data descriptor and value coming from authnet
       function paymentFormUpdate(opaqueData) {

           // get the data descriptor and value
           document.getElementById("DATA_DESCRIPTOR").value = opaqueData.dataDescriptor;
           document.getElementById("DATA_VALUE").value = opaqueData.dataValue;

           // remove values from form
           document.getElementById("USER_CARD_NUMBER").value = "";
           document.getElementById("USER_CARD_EXPIRATION_MONTH").value = "";
           document.getElementById("USER_CARD_EXPIRATION_YEAR").value = "";
           document.getElementById("USER_CARD_CVV_CODE").value = "";

           form.submit();

       }
   
   }
});   

Because of some old posts I read dealing with CORS issues (see here), you'll see this (callback function is in quotes)...

       Accept.dispatchData(secureData, 'handleAuthnetResponse');

and this (window.handleAuthnetResponse)...

window.handleAuthnetResponse = function(response) {

instead of this...

       Accept.dispatchData(secureData, handleAuthnetResponse);

and this...

function handleAuthnetResponse(response) {

I didn't see any improvement in terms of the frequency in which we see these CORS issues, but it was worth a shot. At the moment we're seeing maybe a couple per day out of ~300 transactions using this form. 

Hey @Renaissance, again, I sincerely appreciate your help.

jQuery is used to validate the form. We have a question inside this form which asks for their profession. So we validate to make sure that question is answered. I could remove jQuery validate and just do it inline, if you feel that is somehow causing an issue.

I have ran this script both with and without disabling the button, it didn't seem to change anything. We have a lot of double clickers, so it's something we've had to do site-wide. My fear is that once dispatchData is ran (on one click) another click would cause it to run again which would cause problems. But I'm not opposed to removing that also.

Yes, all of those transactions are happening on the same network. However we do use AWS load balancing so they are not all coming from the same server.

The thing that is very peculiar to me is the message "Cross-Origin Request Blocked" and it's almost like dispatchData never comes back with the token. We have some very advanced logging in place now (because of all of this mess) and we can tell when we do and do not get a response. It's like authnet's server is rejecting the request from it's own function. Here is a screencap of a console.log message where this happened yesterday... https://i.imgur.com/0a76Ogf.png

I am having a very similar problem to this. Has there been any traction on this?