We are having the same issue as in this post: https://community.developer.authorize.net/t5/Integration-and-Testing/AUthorize-net-hosted-payment-pa...
From reading that post, we have tried applying the content-security-policy via web.config file (asp.net/IIS) is not working. We are passing a paymentProfileId in the token.
- We are still seeing the error in the console.
- Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('our domain') does not match the recipient window's origin ('auth.net domain')
- The payment gets cut off and is not the correct size so you cannot see all of the fields.
- The purchase window does not close after a purchase.
Example of web.config:
<httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="frame-ancestors 'self' https://localhost:44300 *.ourdomain.com *.authorize.net" />
</customHeaders>
</httpProtocol>
We have even tried with the Content-Security-Policy-Report-Only but still no luck, it acts the same.
What can we do when the content-security-policy is not working?