PayPal Changes. No support for http 1.0

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
11 年 前
Received this email from PayPal this morning. Is it relevant to any of the PayPal plugins?

To improve our site’s performance, scalability and availability, we’re going to expand the number of IP addresses for www.paypal.com. We announced this in a bulletin on October 18, 2011. As part of this expansion, we’ll discontinue support for the HTTP 1.0 protocol on February 1, 2013.



If your IPN (Instant Payment Notification) or PDT (Payment Data Transfer) scripts use the HTTP 1.0 protocol, this change may impact your ability to perform IPN post-back validation or PDT posts to www.paypal.com.



Additional Details

Starting February 1, 2013, we’ll require all incoming requests to have a “Host” header which complies with HTTP 1.1 specifications. This header was not required with the HTTP 1.0 protocol.  IPN and PDT scripts using HTTP 1.0 may start failing with “HTTP/1.0 400 Bad Request” errors after February 1, 2013, which will result in IPN messages not being validated successfully, or PDT scripts not being able to retrieve transaction information.



Action Required before February 1, 2013

If your IPN (Instant Payment Notification) or PDT (Payment Data Transfer) scripts use the HTTP 1.0 protocol. You’ll need to update your scripts to HTTP 1.1, and include the “Host” header in the IPN postback script.



Example:

ASP

//Set values for the request back

req.Method="POST";

req.Host="www.paypal.com";

req.ContentType="application/x-www-form-urlencoded";



Perl

$req=HTTP::Request->new('POST', 'https://www.paypal.com/cgi-bin/webscr');

$req->content_type('application/x-www-form-urlencoded');

$req->header(Host=> 'www.paypal.com');



PHP

// post back to PayPal system to validate

$header .="POST /cgi-bin/webscr HTTP/1.1\r\n";

$header .="Content-Type: application/x-www-form-urlencoded\r\n";

$header .="Host: www.paypal.com\r\n";



Java

HttpsURLConnection  uc=(HttpsURLConnection) u.openConnection();

uc.setDoOutput(true);

uc.setRequestProperty("Content-Type","application/x-www-form-urlencoded");

uc.setRequestProperty("Host", "www.paypal.com");



Our Sandbox environment has been configured to reject any HTTP requests without the “Host” header with a HTTP 400 error.  You can use Sandbox to test any changes to your IPN and PDT scripts.

For more information on PDT and IPN, please refer to http://www.paypal.com/pdt and http://www.paypal.com/ipn. For additional information about this change, please refer to https://www.paypal.com/mts.
Darren Pegram
www.inkredible.co.uk

Twitter: @darrenpegram
2
11 年 前
Hi Darren,

Thanks for info. I don't know whether it's relevant to PayPal plugins. But I'll create a work item to investigate it further
Interested in the dedicated Premium support services provided by core developers? Please visit https://www.nopcommerce.com/nopcommerce-premium-support-services

Regards,
Andrei Mazulnitsyn
nopCommerce team
0
11 年 前
After some investigation I can confirm that "Host" header is already sent to PayPal. So no source code changes are required
Interested in the dedicated Premium support services provided by core developers? Please visit https://www.nopcommerce.com/nopcommerce-premium-support-services

Regards,
Andrei Mazulnitsyn
nopCommerce team
2
11 年 前
a.m. wrote:
After some investigation I can confirm that "Host" header is already sent to PayPal. So no source code changes are required

Great. Thanks
Darren Pegram
www.inkredible.co.uk

Twitter: @darrenpegram
0
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.