A few days ago, I had a problem with a mobile app that I’m working on. The app includes a credit card payment which required what’s called 3D Secure authentication: a code that gets sent to your mobile to confirm it’s really you who’s trying to make a payment using your credit card.
The problem is that the 3D Secure page is located on a secure server that belongs to the card issuer, which, once completed, redirects back to a callback page on our server. We had to display it in an iframe inside the app, then detect when the operation has completed to confirm whether the user has paid or not. However, you can’t access an <iframe> with JavaScript: under the same-origin policy, browsers block scripts trying to access a frame with a different origin. Bear in mind that the app code is running in the file:// protocol, while the callback page is loaded from our https web server.
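The origin comparison behind that block, as an added example that is not code from the original post. It is a simplified model built on the WHATWG `URL` API (it ignores `document.domain` and browser-specific handling of `file://`), and the function name `frameAccess` and all URLs are constructed placeholders.

```javascript
// Simplified model of the same-origin check a browser applies before letting
// a script in one document reach into a frame loaded from another URL.
// All URLs used with this function are constructed samples.
function frameAccess(parentUrl, frameUrl) {
  const parent = new URL(parentUrl);
  const frame = new URL(frameUrl);

  // file:, data: and similar schemes serialise to the opaque origin "null".
  // An opaque origin is never equal to any other origin, including another
  // opaque one, so access is denied before the tuple is even compared.
  for (const [name, u] of [['parent', parent], ['frame', frame]]) {
    if (u.origin === 'null') {
      return { allowed: false, reason: `${name} has an opaque origin (${u.protocol})` };
    }
  }

  // Otherwise the origin is the (scheme, host, port) tuple. URL already
  // normalises default ports, so https://host and https://host:443 match.
  if (parent.protocol !== frame.protocol) {
    return { allowed: false, reason: 'scheme differs' };
  }
  if (parent.hostname !== frame.hostname) {
    return { allowed: false, reason: 'host differs' };
  }
  if (parent.port !== frame.port) {
    return { allowed: false, reason: 'port differs' };
  }
  return { allowed: true, reason: 'same origin' };
}

// The situation in the post: app code loaded from file://, callback page on https.
console.log(frameAccess('file:///android_asset/www/index.html',
                        'https://shop.example/payment/callback'));
// The issuer's page is a third origin, also unreachable from our own server's pages.
console.log(frameAccess('https://shop.example/checkout',
                        'https://acs.issuer.example/3ds'));
```
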
