Error with IAV example flow


(Stephen Ausman) #42

Hey @freevital,

Due to the way dwolla.js works (communicating with an <iframe> using Window.postMessage()), you’ll need to serve the HTML via HTTPS. This is due to security features implemented by various browsers which prevent pages with different protocols from communicating with each other.

Normally, scripts on different pages are allowed to access each other if and only if the pages they originate from share the same protocol, port number, and host (also known as the “same-origin policy”). window.postMessage() provides a controlled mechanism to securely circumvent this restriction (if used properly).

Source: https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage

If you have any questions just let us know.