Due to the way
dwolla.js works (communicating with an
Window.postMessage()), you’ll need to serve the HTML via HTTPS. This is due to security features implemented by various browsers which prevent pages with different protocols from communicating with each other.
Normally, scripts on different pages are allowed to access each other if and only if the pages they originate from share the same protocol, port number, and host (also known as the “same-origin policy”).
window.postMessage()provides a controlled mechanism to securely circumvent this restriction (if used properly).
If you have any questions just let us know.