Search

OUR API

API Developer Guides API Reference Sample Code [on GitHub]
SDKs [on GitHub] API Change Log System Change Log
Upgrade Guide

Hello World

Get Started Common Setup Questions How Payments Work
Testing Guide Go-Live Checklist

Support

Get Support News and Announcements Forums
Authorize.net on GitHub Authorize.net on Stack Overflow Developer Blog
Response (Error) Codes FAQs Knowledge Base

Sign In

Sandbox Affiliate

Search Developer Site

Integration and Testing

Authorize.Net API questions and help with your payment integration.

Reply
Contributor
jfkrueger
Posts: 12
Registered: ‎01-03-2019

The target origin provided ('our domain') does not match the recipient window's origin ('auth.net do

‎02-15-2021 01:43 PM

We are having the same issue as in this post: https://community.developer.authorize.net/t5/Integration-and-Testing/AUthorize-net-hosted-payment-pa...

 

From reading that post, we have tried applying the content-security-policy via web.config file (asp.net/IIS) is not working. We are passing a paymentProfileId in the token.

 

  • We are still seeing the error in the console.
    • Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('our domain') does not match the recipient window's origin ('auth.net domain')
  • The payment gets cut off and is not the correct size so you cannot see all of the fields.
  • The purchase window does not close after a purchase.

Example of web.config:


<httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="frame-ancestors 'self' https://localhost:44300 *.ourdomain.com *.authorize.net" />
</customHeaders>
</httpProtocol>


We have even tried with the Content-Security-Policy-Report-Only but still no luck, it acts the same. 

 

What can we do when the content-security-policy is not working?

Message 1 of 5 (675 Views)
Reply
0 Kudos
NexusSoftware
Posts: 492
Topics: 0
Kudos: 97
Blog Posts: 0
Ideas: 0
Solutions: 42
Registered: ‎04-28-2017

Re: The target origin provided ('our domain') does not match the recipient window's origin ('auth.ne

‎02-16-2021 03:42 AM

Hello,

 

Try the following in your Web.config

<system.webServer>
  <httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="frame-ancestors 'self' *.YOUR_WEBSITE.com *.authorize.net;" />
</customHeaders>
</httpProtocol>
</system.webServer>
Powered by NexWebSites.com -
Certified Authorize.net developers
Message 2 of 5 (662 Views)
Reply
0 Kudos
Contributor
jfkrueger
Posts: 12
Registered: ‎01-03-2019

Re: The target origin provided ('our domain') does not match the recipient window's origin ('auth.ne

‎02-23-2021 08:42 AM

I'm pretty sure we've tried that but let me give it another go and post back, thank you for the suggestion!

Message 3 of 5 (621 Views)
Reply
0 Kudos
Contributor
jfkrueger
Posts: 12
Registered: ‎01-03-2019

Re: The target origin provided ('our domain') does not match the recipient window's origin ('auth.ne

‎03-26-2021 01:12 PM

No dice, still does not work. I find it odd that it doesn't work with the report-only option. Does anyone know of a setting within IIS that would be overriding the web.config?

Message 4 of 5 (464 Views)
Reply
0 Kudos
NexusSoftware
Posts: 492
Topics: 0
Kudos: 97
Blog Posts: 0
Ideas: 0
Solutions: 42
Registered: ‎04-28-2017

Re: The target origin provided ('our domain') does not match the recipient window's origin ('auth.ne

[ Edited ]

‎03-26-2021 02:25 PM - edited ‎03-26-2021 02:30 PM

Sometimes this error is the result of a target window that has not finished loading.

 

The basic syntax to check that the target frame has loaded would be :

const iframe = document.getElementById("pay_frame");
iframe.addEventListener("load", function() {

// Continue to display the content ... 
});

For IIS, to disable inheritance in child applications, wrap the configuration block in a:

<location path="." inheritInChildApplications="false">
<system.webServer>
  <httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="frame-ancestors 'self' *.YOUR_WEBSITE.com *.authorize.net;" />
</customHeaders>
</httpProtocol>
</system.webServer>
</location>

 

Powered by NexWebSites.com -
Certified Authorize.net developers
Message 5 of 5 (458 Views)
Reply
0 Kudos