Thoughts on using a third party shopping cart in an iFrame

Question

We have a client that wants to use a third party shopping cart on their website, but the URL we'd have to send our clients to looks pretty ugly and there is no way to do any skinning. The client brought up using an iFrame to keep the shopping cart on their website.

If both sites had SSL so that at least the padlock would still be there, what are your thoughts on this practice? Bad? Any security issues? Better than sending them to another page that looks very different? Maybe people are used to this kind of practice by now thanks to things like Paypal and Google checkout?

Answer 1

You will not be able to transfer information over an IFrame, especially if it is on a different domain (due to security reasons). Read about the same domain policy.

Using paypal and google checkout normally means that you redirect the user to the checkout site and they get redirected back to your site when finished.

Another popular way to interact with such sites is by using their API (normally exposed as web services). This allows you the stay on your site and communicate with the checkout service - it is more work, as you need to design your own checkout and build up the communications layer.