3DS with headless commerce

MeherG
Tourist
5 1 0

Hello,

Shopify has been pushing for the headless commerce.

So I have an implementation that requires 3DS. 

According the graphql api I get the returnurl (which is the challenge page) : this page is being sent with x-frame-options : DENY. so you cannot embed this window in an iframe (frictionless flow) . HOWEVER this is supported by the emvco standard

 I really would like a professional support from shopify to discuss the way they did implement their 3DS. The emvco standard tells explicitly that the 3DS challenge window can be put into an iframe but Shopify’s implementation won’t let you do that as they are sending some X-Frame-Option : DENY in the 3DS challenge page also .. they should provide the return url as any standard implementation.

Open for discussion !

Stripe implementation supports the iframe too. https://stripe.com/docs/payments/3d-secure as I already know, Shopify uses stripe in their backend, why this is not supported ? 

Thanks.

0 Likes
MeherG
Tourist
5 1 0

The solution for this is to reach out shopify and ask them to disable the clickjacking on the spinning wheel page. in the 3DS.

0 Likes