How do I add a CORS header to allow using iFrame to load link from Create Payment Link

When I try to load the link returned from the Create Payment Link into an iframe I get this error. The dialog opens but it's blank due to the CORS error.

Access to XMLHttpRequest at ‘’ from origin ‘’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Is there somewhere in the Square settings where I can allow mydomain to make inbound calls?

When I open the link using window.location it works. However, opening in a dialog and iframe throws the CORS error.

:wave: I’m Square Dev AI, here to help answer your question!
Based on the information you’ve provided, the following documentation will help answer your question:

Additional Documentation

In-App Payments SDK Quickstart
Make your First API Call
Get Started

If this documentation helped you find a solution, please check the box indicating that this reply solves the problem.
Otherwise one of our Developer Advocates will provide additional assistance shortly.

This did not provide a solution.

Square’s Payment Links are designed to be opened in a new tab or window, and not embedded within an iframe. This is due to security reasons and to ensure a consistent user experience. The CORS policy error you’re encountering is a security feature implemented by web browsers to restrict how resources are shared between domains. Unfortunately, there’s no setting in Square to modify this behavior. You should consider redirecting your users to the payment link in a new tab or window instead of using an iframe.

This answer was reviewed by @Bryan-Square.
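
The new-tab or redirect approach recommended in the answer above, as an added example that is not part of the thread and is not Square's code: the page checks the link it received from its own backend before navigating, so a tampered response cannot send the user somewhere else. The function names and the allowed host list are assumptions; set the hosts to those of the URLs your Create Payment Link calls actually return.

```javascript
// Assumption: hosts your payment links are served from. Adjust to what your
// Create Payment Link responses actually contain.
const ALLOWED_PAYMENT_HOSTS = new Set(["square.link", "sandbox.square.link"]);

// Returns the normalized URL string if `raw` is an absolute https URL on an
// allowed host, otherwise null. Hypothetical helper, not a Square API.
function validatePaymentUrl(raw, allowedHosts = ALLOWED_PAYMENT_HOSTS) {
  let url;
  try {
    url = new URL(raw); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;      // no http:, javascript:, data:
  if (url.username || url.password) return null;   // no userinfo in the authority
  if (!allowedHosts.has(url.hostname)) return null; // exact match, no suffix matching
  return url.href;
}

// Navigates to the payment link instead of embedding it in an iframe.
// mode "tab": new tab with noopener so the opened page gets no window.opener.
// mode "redirect": same-tab navigation, equivalent to setting window.location.
// `win` is injectable so the function can be exercised outside a browser.
function openPaymentLink(raw, mode = "tab", win = globalThis) {
  const href = validatePaymentUrl(raw);
  if (href === null) return { opened: false, reason: "untrusted-url" };
  if (mode === "redirect") {
    win.location.assign(href);
  } else {
    // With noopener, window.open returns null by design, so the return
    // value cannot be used to detect a blocked popup. Call this from a
    // click handler so the browser treats it as user-initiated.
    win.open(href, "_blank", "noopener,noreferrer");
  }
  return { opened: true, mode: mode === "redirect" ? "redirect" : "tab" };
}
```
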

Ok, I can dream. I have it working with a new window; I was just going for something more seamless.

Seems like a nice feature even if you charged for it. I could enter my domain in my Square account, then when I create the payment link I get sent a link that will accept my domain.

Thanks for confirming.