Storefront 2.0 is a modern, single-page application (SPA). It fits on a single web page and aims to provide a more fluid user experience akin to a desktop application. In a SPA, either all necessary code – HTML, JavaScript, and CSS – is retrieved with a single page load, or the appropriate resources are dynamically loaded and added to the page as necessary, usually in response to user actions. The page does not reload at any point in the process, and control is not transferred to another page. 

Companies attempting to use legacy browsers combined with certain integration methods (ex. frames) may encounter problems when trying to run single-page applications, and as such they may not be compatible with the Storefront 2.0 punchout solution. (Procurement systems like SAP/Ariba and Oracle typically run punchouts within a frame.)

Internet Explorer (IE) is the main culprit; it treats browser cookies differently than other browsers. Safari is another browser that is often incompatible with the 2.0 punchout solution.
 
Here are the options for 2.0 punchout implementations:

Run in Chrome, Edge or Firefox. 2.0 punchouts function in the Firefox and Chrome, Edge and Firefox browsers. IE 11 in non-compatibility mode works in most cases. If you encounter problems, whitelist the Four51 domain. Legacy versions of IE are not guaranteed to work with 2.0 punchouts. We recommend that if you move forward with a 2.0 punchout running in a frame, you ensure that all site users plan on using a modern browser.

Run Storefront outside of a frame. To determine whether this is possible, you’ll need to speak with a technical resource familiar with the details of the procurement platform. If the platform supports running Storefront 2.0 outside of a frame, users will be able to use any 2.0 compatible browser.

Implement a custom URL. Our testing indicates that the cookie issue can be overcome if the platform provider supports a custom URL. If, for example, PeopleSoft (or Ariba, or Oracle, etc.) can accommodate a custom URL that is a sub-domain of its main peoplesoft.com domain, this would resolve the cookie issue. This works because the parent domain would be the same as the frame domain -- just with a different sub-domain.  For example, the parent domain is www.peoplesoft.com and the Four51 2.0 site URL would be something like clientname.peoplesoft.com.  PeopleSoft would create that sub-domain and then Four51 would create the SSL certificate for that domain and apply it to the appropriate 2.0 site.  

Another option -- implementing the punchout using a frame on Four51's 1.0 platform -- remains viable for now but is becoming increasingly difficult to support as browsers implement new and stringent cookie security policies. Four51 charges an additional per-site fee for 1.0 punchouts running in a frame. 

Please keep in mind that important technical differences exist across the hundreds of available procurement platforms and as such, all punchout implementations require thorough testing.