Iframes FAQ

Prev Next

Redirect URLs

Q: How do I set up a Redirect URL in an iframe?

A: The redirection domain should have relaxed CSP rules (Setup > Security > CSP Trusted Sites) or the parent domain needs to be added to the frame-ancestor rule.

Q: How do I redirect an Attendee to an Event Group’s webpage or a different Event after registering for an Event in an iframe?

A: You need to specify the relative path instead of the whole URL in the original Event’s Redirect URL field. For example, use “/5a195eDuv5V” instead of “https://events.blackthorn.io/5e53zvb7/5a195eDuv5V” in the Redirect URL field.

Iframes and Third-Party Sources

Q: How do I set up Custom CSS Injection, Google Tag Manager, or Google Analytics to work with Iframes?

A: Any style, media, font, etc … from third party sources / domains need to include these sources in their CSP rules. This also goes for Google Tag Manager, Google Analytics, and any other tracking tools that generate iframes. See https://content-security-policy.com/ for more.

Iframes and Payment Gateways

Why am I having issue with my TouchNet gateway in an iframe?

A: If your Attendees cannot register for an Event using a TouchNet Payment Gateway when that Event is in an iframe, click here for information about security-related errors for iPhone users.

How do I securely authenticate Transactions with Spreedly?

A: To ensure authentication occurs correctly when using iframed components and a Spreedly payment gateway, add the Payment Gateway’s Spreedly Private Key and Spreedly Certificate Token fields to the Payment Gateway page layout. Click here for more information about these fields.