Comment by jefozabuss

3 years ago

As someone who dealt with payment iframes in SPAs I'm so happy I don't have to use any iframes nowadays. There are a few articles how you can "kind of track" when the iframe caused extra history entries then you need to increase your back navigation by the count of them, it was a mess back in the days so not sure how is it solved nowadays.

Today you can still use iframes but most gateways now provide a tokenization api that provides the form to produce the tokenized cc. Afaik tokenized cc isn't falling under PCI.

My big issues with iframes is the checkout process which inevitably has to make callbacks to your api with the results of the transaction. If you're behind any sort of firewall (like most businesses are) you're in for a world of http pain.

  • The payment gateways still use iframes, they just don’t tell you that.

    This is also why styling such forms is always some species of wonky.

    • The gateways I use don't, or at least give me the option not to.

      Those iFrames cause all kinds of headaches when the user hits the back button or double clicks a submit button or does any number of other things that happen thousands of times a day on a moderately high traffic site, and when it messes up you either miss out on a sale (ouch) or charge the customer twice (double ouch).

      2 replies →