During a payment process, I have a remote 3DSecure form in an iframe on my site. After the user enters their 3D Secure PIN, the remote bank will POST the user back to a supplied URL (the "termURL") with the results. That, of course, stays in the iframe.
What I would like to do, on receiving the POST from the bank, is to check if I am in the iframe, and if so, break out of it.
Checking window.self !== window.top
will tell me if I am in the iframe. Looking for expected POST values will tell me if I have returned from the bank (or am POSTing back to myself, with the bank's 3DSecure result). So what next?
I'm guessing the page in the iframe needs to re-POST itself with with a target of _top
. Do I need to do that using a self-POSTing form, or can it be done just using JavaScript?
I have no control over the content of the iframe when it displays the 3DSecure form, so I cannot get that remote site to target _top
in the user's browser when returning the user to my site.