Happy Business Starts Here

CORS Support for Direct Post

CORS Support for Direct Post


Currently it is not possible to implement a checkout experience with Direct Post that keeps the customer on the checkout page without redirection. We would to avoid redirection to improve the checkout experience.


This redirection-less checkout is possible with the Payment Pages 2.0, using the javascript callback, however we are finding that conversion rates are not great with the current checkout design and we would like to improve the experience by adding more real time feedback as well as better validation for direct debit customers - which are not possible with the iframe.    


Our ideal design is one where the form is posted directly to zuora via ajax.  However we are finding that this is not possible as the /apps/PublicHostedPageLite.do page does not support the CORS header "Access-Control-Allow-Origin" and hence cannot be called directly form the customers browser (although this is exactly what happens with the iframe).  This leaves us with two choices (neither of which are ideal):-


1) Rely on redirect, which limits the design of the checkout.

2) Implement the ajax call through our server, and pass that on to Zuora.  However, this adds an additional touch point for the card details.


It would help with the checkout experience if the  PublicHostedPageLite page supported the CORS header to make this possible.




Honor Student

Ran into this today. Just incase anyone else tries to do an ajax post to 

https://www.zuora.com/apps/PublicHostedPageLite.do you will receive a 302 redirect to the Login.do
I think this feature is a must have for an api driven platform. The documentation is also woefully cumbersome and disjointed around Direct Post 2.0. 

+1, this is definitely needed in today's web ecosystem. Single page apps should not have to break their UX for form submissions.