This article provides a patch for the known Magento Commerce 2.3.0 limitation related to not having ability to process Cybersource payments from both store front and Admin, if they are on different domains.
The core Magento Cybersource payment integration is deprecated since 2.3.3 and will be completely removed in 2.4.0. Use the official extension from marketplace instead.
The previous implementation of the Cybersource integration allowed processing payments from one domain only. As a result, if your Magento store front is on different domain from Magento Admin, you get the following error when trying to place an order using Cybersource in Admin: "Load denied by X-Frame-Options: https://%your_domain%/cybersource/SilentOrder/TokenResponse/ does not permit cross-origin framing..."
Steps to reproduce:
- Set up Admin on a different subdomain.
- Configure Cybersource for the store under Stores > Settings > Configuration > Sales > Payment Methods > CyberSource.
- Go to Sales > Orders.
- Create new order.
- Create new customer.
- Enter customer details.
- Enter order details (products, shipping method)
- Select Cybersource as the payment method.
- Submit order.
Order is placed with no issues.
The Order page shows a loading icon, but the order is never placed. The error is displayed in console.
The attached patch provides the improvement for the integration with Cybersource. After applying the patch, you need to create one more profile with Cybersource for processing payments in Admin, and add the required credentials in the Cybersource configuration in Magento Admin under Stores > Settings > Configuration > Sales > Payment Methods > CyberSource.
The improvement is included in Magento Commerce and Cloud 2.2.9 and 2.3.1.
There are several patches attached to this article, different patches for different versions. To download a patch, scroll down to the end of the article and click the file name, or click the following link:
- Download MDVA-5914_EE_2.1.9_COMPOSER_v3.patch
- Download MDVA-8609_EE_2.2.2_COMPOSER_v2.patch
- Download MDVA-12964_EE_2.2.5_COMPOSER_v1.patch
- Download MDVA-16643_EE_2.3.0_COMPOSER_v1.patch
Compatible Magento versions
The patches were created for particular version noted in the patch file name. For example, MDVA-5914_EE_2.1.9_COMPOSER_v3.patch was created for Magento Commerce 2.1.9 and is the best patch to be used for this version.
The patches are also compatible with the following versions:
- Magento Commerce 2.1.3-2.1.17; Magento Commerce Cloud 2.1.5-2.12 (MDVA-5914_EE_2.1.9_COMPOSER_v3.patch)
- Magento Commerce 2.2.0-2.2.3; Magento Commerce Cloud 2.2.0-2.2.3 (MDVA-8609_EE_2.2.2_COMPOSER_v2.patch)
- Magento Commerce 2.2.4-2.2.7; Magento Commerce Cloud 2.2.4-2.2.7 (MDVA-12964_EE_2.2.5_COMPOSER_v1.patch)
- Magento Commerce 2.2.8, 2.3.0; Magento Commerce Cloud 2.3.0 (MDVA-16643_EE_2.3.0_COMPOSER_v1.patch)
How to apply a patch
See How to apply a composer patch provided by Magento for instructions.