Payments2Us ManualsPayments2Us - Frequently Asked QuestionsCheckout Form - FAQThe checkout form is not showing when embedded as an iframe OR x-frame options need to be made visible OR setting up CORS

The checkout form is not showing when embedded as an iframe OR x-frame options need to be made visible OR setting up CORS

1. Check X-frame options

Should your form be working fine when not embedded in an iframe, but stops working within the iframe, or if your webmaster has suggested that you need to make the x-frame options on the payment form visible, then you will need to do the following:

  • Navigate to Setup > Develop > Sites.  Click Edit next to the Payments form related site.
  • Change the "Clickjack Protection Level" to "Allow framing of site pages or external domains (Good protection)".

2. Add your website as trusted for internal users

Then Go to Setup->Session Settings->Trusted Domains->Add Domain - Add Your website domain - *{yourwebsitedomain}".

NOTE the *.yourwebsite domain.  
A common mistake is organisations add say https://mydomain.com, but there website actually uses https://www.mydomain.com (with the www. added, or some sites have removed the www.)  Using the *.mydomain.com would cater for both scenarios.

3. Add your website as trusted for iframes/external web pages

  1. Click on Setup cog (Top right corner)
  2. Search "Trusted URLs"
  3. Click into "Trusted URLs" menu item
  4. Press "New Trusted URL" button

NOTE the https://*.yourwebsite domain.  

A common mistake is organisations add say https://mydomain.com, but there website actually uses https://www.mydomain.com (with the www. added, or some sites have removed the www.)  Using the *.mydomain.com would cater for both scenarios.

  1. Enter a name.  Any name will be ok, but suggest the main part of the domain
  2. Enter *{yourwebsitedomain}"  - See note below in yellow
  3. Select all options
  4. Press SAVE button

4. Check you are using a secure URL

  1. Check the URL being used starts with"httpS://"(Not the "S" part). It has been the case with some organisations that when they've added the form to their website, they have missed this part.
  2. That the URL being used has ...secure.force.com.. in it (prior to Enhanced Domains Enablement), or ....salesforce-sites.com... (post Enhanced Domains Enablement [Jan 2023]) in it. Eg. "https://xxxxxx.my.salesforce-sites.com/"For more on this, check the setup procedure How to connect your new site to your Merchant Facility. MAKE sure the Base Site URL on the Merchant Facility is updated to have the secure URL.

5. Check with your webmaster

There might be a setting on your web platform that is blocking forms from a different site. You will need to check with them as we are not able to provide any further assistance here.