Cybersource payment from Admin and front on different domains not processed

This article provides a patch for the known Adobe Commerce 2.3.0 limitation related to not having the ability to process Cybersource payments from both storefront and the Commerce Admin, if they are on different domains.

The core Adobe Commerce Cybersource payment integration is deprecated since 2.3.3 and will be completely removed in 2.4.0. Use the official extension from marketplace instead.


The previous implementation of the Cybersource integration allowed processing payments from one domain only. As a result, if your Adobe Commerce storefront is on different domain from the Commerce Admin, you get the following error when trying to place an order using Cybersource in the Admin: " Load denied by X-Frame-Options: https://%your_domain%/cybersource/SilentOrder/TokenResponse/ does not permit cross-origin framing. …"

Steps to reproduce:

  1. Set up Admin on a different subdomain.
  2. Configure Cybersource for the store under Stores > Settings > Configuration > Sales > Payment Methods > CyberSource.
  3. Go to Sales > Orders.
  4. Create new order.
  5. Create new customer.
  6. Enter customer details.
  7. Enter order details (products, shipping method).
  8. Select Cybersource as the payment method.
  9. Submit order.

Expected result: Order is placed with no issues.

Actual result: The Order page shows a loading icon, but the order is never placed. The error is displayed in console.


The attached patch provides the improvement for the integration with Cybersource. After applying the patch, you need to create one more profile with Cybersource for processing payments in the Admin, and add the required credentials in the Cybersource configuration in the Commerce Admin under Stores > Settings > Configuration > Sales > Payment Methods > CyberSource.

The improvement is included in Adobe Commerce on-premises and cloud infrastructure 2.2.9 and 2.3.1.


There are several patches attached to this article, different patches for different versions. To download a patch, scroll down to the end of the article and click the file name, or click the following link:

Compatible Adobe Commerce versions

The patches were created for particular version noted in the patch file name. For example, MDVA-5914_EE_2.1.9_COMPOSER_v3.patch was created for Adobe Commerce 2.1.9 and is the best patch to be used for this version.

The patches are also compatible with the following versions:

  • Adobe Commerce on-premises 2.1.3-2.1.17; Adobe Commerce on cloud infrastructure 2.1.5-2.12 (MDVA-5914_EE_2.1.9_COMPOSER_v3.patch)
  • Adobe Commerce on-premises 2.2.0-2.2.3; Adobe Commerce on cloud infrastructure 2.2.0-2.2.3 (MDVA-8609_EE_2.2.2_COMPOSER_v2.patch)
  • Adobe Commerce on-premises 2.2.4-2.2.7; Adobe Commerce on cloud infrastructure 2.2.4-2.2.7 (MDVA-12964_EE_2.2.5_COMPOSER_v1.patch)
  • Adobe Commerce on-premises 2.2.8, 2.3.0; Adobe Commerce on cloud infrastructure 2.3.0 (MDVA-16643_EE_2.3.0_COMPOSER_v1.patch)

How to apply a patch

For instructions, see How to apply a composer patch provided by Adobe in our support knowledge base.

Attached Files